npm - open-multi-agent-kit - Versions diffs - 0.78.0 - Mend

open-multi-agent-kit 0.78.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1304) hide show

package/AGENTS.md +550 -0
package/CHANGELOG.md +464 -0
package/CLAUDE.md +8 -0
package/DESIGN.md +334 -0
package/GEMINI.md +8 -0
package/LICENSE +21 -0
package/MATURITY.md +77 -0
package/README.md +279 -0
package/ROADMAP.md +130 -0
package/SECURITY.md +83 -0
package/WORKER_MANIFEST.md +35 -0
package/dist/adapters/commandcode/commandcode-cli-adapter.d.ts +10 -0
package/dist/adapters/commandcode/commandcode-cli-adapter.js +57 -0
package/dist/adapters/kimi/ascii-art.d.ts +1 -0
package/dist/adapters/kimi/ascii-art.js +23 -0
package/dist/adapters/kimi/banner.d.ts +53 -0
package/dist/adapters/kimi/banner.js +284 -0
package/dist/adapters/kimi/bug-filter.d.ts +15 -0
package/dist/adapters/kimi/bug-filter.js +150 -0
package/dist/adapters/kimi/capability.d.ts +25 -0
package/dist/adapters/kimi/capability.js +68 -0
package/dist/adapters/kimi/continue-prompt-guard.d.ts +20 -0
package/dist/adapters/kimi/continue-prompt-guard.js +70 -0
package/dist/adapters/kimi/isolated-home.d.ts +21 -0
package/dist/adapters/kimi/isolated-home.js +270 -0
package/dist/adapters/kimi/runner.d.ts +71 -0
package/dist/adapters/kimi/runner.js +1084 -0
package/dist/adapters/kimi/simple-art.d.ts +1 -0
package/dist/adapters/kimi/simple-art.js +1 -0
package/dist/adapters/kimi/statusline.d.ts +26 -0
package/dist/adapters/kimi/statusline.js +142 -0
package/dist/adapters/kimi/usage.d.ts +52 -0
package/dist/adapters/kimi/usage.js +481 -0
package/dist/adapters/kimi/wire-client.d.ts +142 -0
package/dist/adapters/kimi/wire-client.js +725 -0
package/dist/adapters/kimi/wire-protocol-types.d.ts +549 -0
package/dist/adapters/kimi/wire-protocol-types.js +59 -0
package/dist/adapters/opencode/opencode-cli-adapter.d.ts +9 -0
package/dist/adapters/opencode/opencode-cli-adapter.js +43 -0
package/dist/awareness/classifiers/browser-console-classifier.d.ts +3 -0
package/dist/awareness/classifiers/browser-console-classifier.js +47 -0
package/dist/awareness/classifiers/evidence-gap-classifier.d.ts +3 -0
package/dist/awareness/classifiers/evidence-gap-classifier.js +31 -0
package/dist/awareness/classifiers/stalled-run-classifier.d.ts +2 -0
package/dist/awareness/classifiers/stalled-run-classifier.js +24 -0
package/dist/awareness/notice-store.d.ts +6 -0
package/dist/awareness/notice-store.js +91 -0
package/dist/awareness/notice.d.ts +17 -0
package/dist/awareness/notice.js +1 -0
package/dist/awareness/noticer-engine.d.ts +42 -0
package/dist/awareness/noticer-engine.js +63 -0
package/dist/awareness/router.d.ts +6 -0
package/dist/awareness/router.js +46 -0
package/dist/brand/matrix-rain.d.ts +15 -0
package/dist/brand/matrix-rain.js +132 -0
package/dist/brand/omk-matrix-art.d.ts +1 -0
package/dist/brand/omk-matrix-art.js +10 -0
package/dist/brand/omk-simple-art.d.ts +7 -0
package/dist/brand/omk-simple-art.js +13 -0
package/dist/brand/palette.d.ts +194 -0
package/dist/brand/palette.js +53 -0
package/dist/brand/theme.d.ts +41 -0
package/dist/brand/theme.js +262 -0
package/dist/browser/browser-feedback.d.ts +10 -0
package/dist/browser/browser-feedback.js +84 -0
package/dist/browser/browser-observer.d.ts +21 -0
package/dist/browser/browser-observer.js +159 -0
package/dist/browser/browser-session.d.ts +26 -0
package/dist/browser/browser-session.js +63 -0
package/dist/cli/command-registry.d.ts +2 -0
package/dist/cli/command-registry.js +20 -0
package/dist/cli/input/argv-parser.d.ts +16 -0
package/dist/cli/input/argv-parser.js +50 -0
package/dist/cli/input/command-envelope.d.ts +16 -0
package/dist/cli/input/command-envelope.js +64 -0
package/dist/cli/input/config-loader.d.ts +16 -0
package/dist/cli/input/config-loader.js +48 -0
package/dist/cli/input/index.d.ts +8 -0
package/dist/cli/input/index.js +8 -0
package/dist/cli/input/input-resolver.d.ts +13 -0
package/dist/cli/input/input-resolver.js +50 -0
package/dist/cli/input/validator.d.ts +10 -0
package/dist/cli/input/validator.js +37 -0
package/dist/cli/main.d.ts +4 -0
package/dist/cli/main.js +34 -0
package/dist/cli/output/error-renderer.d.ts +10 -0
package/dist/cli/output/error-renderer.js +68 -0
package/dist/cli/output/hash.d.ts +1 -0
package/dist/cli/output/hash.js +10 -0
package/dist/cli/output/index.d.ts +9 -0
package/dist/cli/output/index.js +9 -0
package/dist/cli/output/json-renderer.d.ts +7 -0
package/dist/cli/output/json-renderer.js +35 -0
package/dist/cli/output/markdown-renderer.d.ts +5 -0
package/dist/cli/output/markdown-renderer.js +86 -0
package/dist/cli/output/nlp-renderer.d.ts +7 -0
package/dist/cli/output/nlp-renderer.js +96 -0
package/dist/cli/output/output-router.d.ts +5 -0
package/dist/cli/output/output-router.js +33 -0
package/dist/cli/register-awareness-commands.d.ts +2 -0
package/dist/cli/register-awareness-commands.js +133 -0
package/dist/cli/register-basic-commands.d.ts +2 -0
package/dist/cli/register-basic-commands.js +487 -0
package/dist/cli/register-integration-commands.d.ts +2 -0
package/dist/cli/register-integration-commands.js +59 -0
package/dist/cli/register-mcp-dag-cron-screenshot-commands.d.ts +2 -0
package/dist/cli/register-mcp-dag-cron-screenshot-commands.js +273 -0
package/dist/cli/register-openai-codex-commands.d.ts +2 -0
package/dist/cli/register-openai-codex-commands.js +55 -0
package/dist/cli/register-provider-commands.d.ts +2 -0
package/dist/cli/register-provider-commands.js +244 -0
package/dist/cli/register-spec-agent-goal-commands.d.ts +2 -0
package/dist/cli/register-spec-agent-goal-commands.js +441 -0
package/dist/cli/register-tool-commands.d.ts +2 -0
package/dist/cli/register-tool-commands.js +191 -0
package/dist/cli/register-workflow-commands.d.ts +2 -0
package/dist/cli/register-workflow-commands.js +157 -0
package/dist/cli/registry/core.d.ts +2 -0
package/dist/cli/registry/core.js +27 -0
package/dist/cli/registry/session.d.ts +2 -0
package/dist/cli/registry/session.js +137 -0
package/dist/cli/registry/system.d.ts +2 -0
package/dist/cli/registry/system.js +95 -0
package/dist/cli/registry/tooling.d.ts +2 -0
package/dist/cli/registry/tooling.js +111 -0
package/dist/cli/registry/visual.d.ts +2 -0
package/dist/cli/registry/visual.js +91 -0
package/dist/cli/root.d.ts +10 -0
package/dist/cli/root.js +118 -0
package/dist/cli/runtime/capability-selector.d.ts +18 -0
package/dist/cli/runtime/capability-selector.js +208 -0
package/dist/cli/runtime/cli-runtime.d.ts +10 -0
package/dist/cli/runtime/cli-runtime.js +35 -0
package/dist/cli/runtime/cli-writer.d.ts +18 -0
package/dist/cli/runtime/cli-writer.js +87 -0
package/dist/cli/runtime/command-bus.d.ts +45 -0
package/dist/cli/runtime/command-bus.js +132 -0
package/dist/cli/runtime/event-bus.d.ts +12 -0
package/dist/cli/runtime/event-bus.js +31 -0
package/dist/cli/runtime/generic-provider-adapter.d.ts +24 -0
package/dist/cli/runtime/generic-provider-adapter.js +38 -0
package/dist/cli/runtime/index.d.ts +17 -0
package/dist/cli/runtime/index.js +18 -0
package/dist/cli/runtime/intent-classifier.d.ts +16 -0
package/dist/cli/runtime/intent-classifier.js +113 -0
package/dist/cli/runtime/plan-controller.d.ts +7 -0
package/dist/cli/runtime/plan-controller.js +29 -0
package/dist/cli/runtime/provider-adapter-registry.d.ts +32 -0
package/dist/cli/runtime/provider-adapter-registry.js +60 -0
package/dist/cli/runtime/provider-event-normalizer.d.ts +19 -0
package/dist/cli/runtime/provider-event-normalizer.js +150 -0
package/dist/cli/runtime/run-controller.d.ts +7 -0
package/dist/cli/runtime/run-controller.js +30 -0
package/dist/cli/runtime/runtime-sidecar.d.ts +17 -0
package/dist/cli/runtime/runtime-sidecar.js +138 -0
package/dist/cli/runtime/task-controller.d.ts +7 -0
package/dist/cli/runtime/task-controller.js +29 -0
package/dist/cli/runtime/types.d.ts +312 -0
package/dist/cli/runtime/types.js +6 -0
package/dist/cli/theme/index.d.ts +9 -0
package/dist/cli/theme/index.js +6 -0
package/dist/cli/theme/terminal-capability.d.ts +18 -0
package/dist/cli/theme/terminal-capability.js +88 -0
package/dist/cli/theme/theme-registry.d.ts +25 -0
package/dist/cli/theme/theme-registry.js +336 -0
package/dist/cli/theme/theme-resolver.d.ts +12 -0
package/dist/cli/theme/theme-resolver.js +38 -0
package/dist/cli/ui/event.d.ts +65 -0
package/dist/cli/ui/event.js +1 -0
package/dist/cli/ui/green-rain-renderer.d.ts +17 -0
package/dist/cli/ui/green-rain-renderer.js +96 -0
package/dist/cli/ui/neon-grid-renderer.d.ts +17 -0
package/dist/cli/ui/neon-grid-renderer.js +99 -0
package/dist/cli/ui/plain-renderer.d.ts +37 -0
package/dist/cli/ui/plain-renderer.js +160 -0
package/dist/cli/ui/renderer.d.ts +7 -0
package/dist/cli/ui/renderer.js +1 -0
package/dist/cli/ui/rich-renderer.d.ts +32 -0
package/dist/cli/ui/rich-renderer.js +234 -0
package/dist/cli/ui/route-blocked-panel.d.ts +5 -0
package/dist/cli/ui/route-blocked-panel.js +67 -0
package/dist/cli/ui/rust-forge-renderer.d.ts +19 -0
package/dist/cli/ui/rust-forge-renderer.js +129 -0
package/dist/cli/ui/system24-renderer.d.ts +79 -0
package/dist/cli/ui/system24-renderer.js +508 -0
package/dist/cli/v2/chat-repl.d.ts +37 -0
package/dist/cli/v2/chat-repl.js +280 -0
package/dist/cli/v2/cli-v2-skeleton.d.ts +99 -0
package/dist/cli/v2/cli-v2-skeleton.js +350 -0
package/dist/cli/v2/interactive-prompt.d.ts +51 -0
package/dist/cli/v2/interactive-prompt.js +187 -0
package/dist/cli/v2/persistent-memory.d.ts +70 -0
package/dist/cli/v2/persistent-memory.js +229 -0
package/dist/cli/v2/provider-commands.d.ts +120 -0
package/dist/cli/v2/provider-commands.js +244 -0
package/dist/cli/v2/workflow-commands.d.ts +72 -0
package/dist/cli/v2/workflow-commands.js +198 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.js +17 -0
package/dist/cockpit/git-numstat.d.ts +10 -0
package/dist/cockpit/git-numstat.js +97 -0
package/dist/cockpit/lsp-status.d.ts +5 -0
package/dist/cockpit/lsp-status.js +51 -0
package/dist/cockpit/types.d.ts +66 -0
package/dist/cockpit/types.js +4 -0
package/dist/cockpit/views/rail-view.d.ts +9 -0
package/dist/cockpit/views/rail-view.js +160 -0
package/dist/commands/agent.d.ts +6 -0
package/dist/commands/agent.js +263 -0
package/dist/commands/appshot.d.ts +15 -0
package/dist/commands/appshot.js +122 -0
package/dist/commands/auth.d.ts +43 -0
package/dist/commands/auth.js +167 -0
package/dist/commands/browser.d.ts +18 -0
package/dist/commands/browser.js +110 -0
package/dist/commands/chat/chat-turn-dag.d.ts +21 -0
package/dist/commands/chat/chat-turn-dag.js +72 -0
package/dist/commands/chat/core.d.ts +27 -0
package/dist/commands/chat/core.js +418 -0
package/dist/commands/chat/index.d.ts +5 -0
package/dist/commands/chat/index.js +5 -0
package/dist/commands/chat/native-root-loop.d.ts +57 -0
package/dist/commands/chat/native-root-loop.js +1041 -0
package/dist/commands/chat/runtime.d.ts +46 -0
package/dist/commands/chat/runtime.js +395 -0
package/dist/commands/chat/slash/commands/control.d.ts +2 -0
package/dist/commands/chat/slash/commands/control.js +196 -0
package/dist/commands/chat/slash/commands/diagnostics.d.ts +2 -0
package/dist/commands/chat/slash/commands/diagnostics.js +64 -0
package/dist/commands/chat/slash/commands/harness.d.ts +2 -0
package/dist/commands/chat/slash/commands/harness.js +21 -0
package/dist/commands/chat/slash/commands/index.d.ts +2 -0
package/dist/commands/chat/slash/commands/index.js +18 -0
package/dist/commands/chat/slash/commands/routing.d.ts +2 -0
package/dist/commands/chat/slash/commands/routing.js +355 -0
package/dist/commands/chat/slash/commands/session.d.ts +2 -0
package/dist/commands/chat/slash/commands/session.js +86 -0
package/dist/commands/chat/slash/commands/tool-plane.d.ts +2 -0
package/dist/commands/chat/slash/commands/tool-plane.js +64 -0
package/dist/commands/chat/slash/commands/ui.d.ts +2 -0
package/dist/commands/chat/slash/commands/ui.js +108 -0
package/dist/commands/chat/slash/context.d.ts +3 -0
package/dist/commands/chat/slash/context.js +9 -0
package/dist/commands/chat/slash/format.d.ts +3 -0
package/dist/commands/chat/slash/format.js +19 -0
package/dist/commands/chat/slash/parser.d.ts +15 -0
package/dist/commands/chat/slash/parser.js +97 -0
package/dist/commands/chat/slash/registry.d.ts +13 -0
package/dist/commands/chat/slash/registry.js +38 -0
package/dist/commands/chat/slash/result.d.ts +7 -0
package/dist/commands/chat/slash/result.js +35 -0
package/dist/commands/chat/slash/types.d.ts +32 -0
package/dist/commands/chat/slash/types.js +1 -0
package/dist/commands/chat/startup.d.ts +68 -0
package/dist/commands/chat/startup.js +150 -0
package/dist/commands/chat/state.d.ts +3 -0
package/dist/commands/chat/state.js +100 -0
package/dist/commands/chat/utils.d.ts +25 -0
package/dist/commands/chat/utils.js +208 -0
package/dist/commands/chat.d.ts +2 -0
package/dist/commands/chat.js +2 -0
package/dist/commands/cockpit/core.d.ts +5 -0
package/dist/commands/cockpit/core.js +91 -0
package/dist/commands/cockpit/render.d.ts +5 -0
package/dist/commands/cockpit/render.js +931 -0
package/dist/commands/cockpit/scroll.d.ts +39 -0
package/dist/commands/cockpit/scroll.js +87 -0
package/dist/commands/cockpit/telemetry.d.ts +30 -0
package/dist/commands/cockpit/telemetry.js +361 -0
package/dist/commands/cockpit/update-loop.d.ts +54 -0
package/dist/commands/cockpit/update-loop.js +285 -0
package/dist/commands/cockpit/utils.d.ts +231 -0
package/dist/commands/cockpit/utils.js +388 -0
package/dist/commands/cockpit.d.ts +8 -0
package/dist/commands/cockpit.js +7 -0
package/dist/commands/codex.d.ts +70 -0
package/dist/commands/codex.js +597 -0
package/dist/commands/consent.d.ts +24 -0
package/dist/commands/consent.js +255 -0
package/dist/commands/cron.d.ts +16 -0
package/dist/commands/cron.js +187 -0
package/dist/commands/dag-from-spec.d.ts +30 -0
package/dist/commands/dag-from-spec.js +284 -0
package/dist/commands/dag.d.ts +10 -0
package/dist/commands/dag.js +467 -0
package/dist/commands/design.d.ts +73 -0
package/dist/commands/design.js +1251 -0
package/dist/commands/diff-runs.d.ts +3 -0
package/dist/commands/diff-runs.js +36 -0
package/dist/commands/do.d.ts +29 -0
package/dist/commands/do.js +196 -0
package/dist/commands/doctor/checks.d.ts +20 -0
package/dist/commands/doctor/checks.js +896 -0
package/dist/commands/doctor/core.d.ts +2 -0
package/dist/commands/doctor/core.js +53 -0
package/dist/commands/doctor/fix-plan.d.ts +69 -0
package/dist/commands/doctor/fix-plan.js +78 -0
package/dist/commands/doctor/fix.d.ts +5 -0
package/dist/commands/doctor/fix.js +1002 -0
package/dist/commands/doctor/report.d.ts +7 -0
package/dist/commands/doctor/report.js +151 -0
package/dist/commands/doctor/utils.d.ts +52 -0
package/dist/commands/doctor/utils.js +124 -0
package/dist/commands/doctor.d.ts +2 -0
package/dist/commands/doctor.js +1 -0
package/dist/commands/goal.d.ts +46 -0
package/dist/commands/goal.js +492 -0
package/dist/commands/google.d.ts +1 -0
package/dist/commands/google.js +27 -0
package/dist/commands/graph.d.ts +9 -0
package/dist/commands/graph.js +26 -0
package/dist/commands/hud.d.ts +57 -0
package/dist/commands/hud.js +1031 -0
package/dist/commands/image.d.ts +16 -0
package/dist/commands/image.js +102 -0
package/dist/commands/init/config.d.ts +8 -0
package/dist/commands/init/config.js +97 -0
package/dist/commands/init/constants.d.ts +7 -0
package/dist/commands/init/constants.js +49 -0
package/dist/commands/init/content.d.ts +12 -0
package/dist/commands/init/content.js +1783 -0
package/dist/commands/init/core.d.ts +2 -0
package/dist/commands/init/core.js +298 -0
package/dist/commands/init/interactive.d.ts +9 -0
package/dist/commands/init/interactive.js +170 -0
package/dist/commands/init/scaffold.d.ts +17 -0
package/dist/commands/init/scaffold.js +146 -0
package/dist/commands/init/types.d.ts +35 -0
package/dist/commands/init/types.js +1 -0
package/dist/commands/init/utils.d.ts +13 -0
package/dist/commands/init/utils.js +107 -0
package/dist/commands/init.d.ts +32 -0
package/dist/commands/init.js +2581 -0
package/dist/commands/inspect.d.ts +9 -0
package/dist/commands/inspect.js +12 -0
package/dist/commands/lsp.d.ts +8 -0
package/dist/commands/lsp.js +60 -0
package/dist/commands/mcp.d.ts +104 -0
package/dist/commands/mcp.js +1603 -0
package/dist/commands/menu.d.ts +4 -0
package/dist/commands/menu.js +213 -0
package/dist/commands/merge.d.ts +8 -0
package/dist/commands/merge.js +229 -0
package/dist/commands/mode.d.ts +3 -0
package/dist/commands/mode.js +60 -0
package/dist/commands/model.d.ts +15 -0
package/dist/commands/model.js +215 -0
package/dist/commands/notice.d.ts +7 -0
package/dist/commands/notice.js +76 -0
package/dist/commands/open-design-agent.d.ts +46 -0
package/dist/commands/open-design-agent.js +569 -0
package/dist/commands/orchestrate.d.ts +18 -0
package/dist/commands/orchestrate.js +284 -0
package/dist/commands/parallel/core.d.ts +34 -0
package/dist/commands/parallel/core.js +296 -0
package/dist/commands/parallel/index.d.ts +5 -0
package/dist/commands/parallel/index.js +5 -0
package/dist/commands/parallel/interactive.d.ts +27 -0
package/dist/commands/parallel/interactive.js +172 -0
package/dist/commands/parallel/orchestrator.d.ts +40 -0
package/dist/commands/parallel/orchestrator.js +564 -0
package/dist/commands/parallel/utils.d.ts +12 -0
package/dist/commands/parallel/utils.js +114 -0
package/dist/commands/parallel/worker.d.ts +43 -0
package/dist/commands/parallel/worker.js +276 -0
package/dist/commands/parallel.d.ts +4 -0
package/dist/commands/parallel.js +3 -0
package/dist/commands/plan.d.ts +6 -0
package/dist/commands/plan.js +113 -0
package/dist/commands/project-index.d.ts +18 -0
package/dist/commands/project-index.js +312 -0
package/dist/commands/provider.d.ts +65 -0
package/dist/commands/provider.js +619 -0
package/dist/commands/rail.d.ts +6 -0
package/dist/commands/rail.js +7 -0
package/dist/commands/replay.d.ts +7 -0
package/dist/commands/replay.js +10 -0
package/dist/commands/research.d.ts +5 -0
package/dist/commands/research.js +48 -0
package/dist/commands/run.d.ts +15 -0
package/dist/commands/run.js +312 -0
package/dist/commands/runs.d.ts +36 -0
package/dist/commands/runs.js +504 -0
package/dist/commands/screenshot.d.ts +10 -0
package/dist/commands/screenshot.js +72 -0
package/dist/commands/skill.d.ts +28 -0
package/dist/commands/skill.js +382 -0
package/dist/commands/snip.d.ts +8 -0
package/dist/commands/snip.js +77 -0
package/dist/commands/spec.d.ts +17 -0
package/dist/commands/spec.js +262 -0
package/dist/commands/specify.d.ts +18 -0
package/dist/commands/specify.js +111 -0
package/dist/commands/star.d.ts +3 -0
package/dist/commands/star.js +30 -0
package/dist/commands/summary.d.ts +2 -0
package/dist/commands/summary.js +343 -0
package/dist/commands/sync.d.ts +6 -0
package/dist/commands/sync.js +129 -0
package/dist/commands/team.d.ts +7 -0
package/dist/commands/team.js +264 -0
package/dist/commands/verify.d.ts +4 -0
package/dist/commands/verify.js +320 -0
package/dist/commands/version.d.ts +6 -0
package/dist/commands/version.js +83 -0
package/dist/commands/web-bridge.d.ts +12 -0
package/dist/commands/web-bridge.js +75 -0
package/dist/commands/why.d.ts +14 -0
package/dist/commands/why.js +46 -0
package/dist/commands/workflow.d.ts +13 -0
package/dist/commands/workflow.js +385 -0
package/dist/contracts/dag.d.ts +134 -0
package/dist/contracts/dag.js +4 -0
package/dist/contracts/decision.d.ts +23 -0
package/dist/contracts/decision.js +1 -0
package/dist/contracts/envelope.d.ts +29 -0
package/dist/contracts/envelope.js +1 -0
package/dist/contracts/errors.d.ts +13 -0
package/dist/contracts/errors.js +15 -0
package/dist/contracts/evidence.d.ts +23 -0
package/dist/contracts/evidence.js +1 -0
package/dist/contracts/goal.d.ts +169 -0
package/dist/contracts/goal.js +4 -0
package/dist/contracts/hud.d.ts +17 -0
package/dist/contracts/hud.js +4 -0
package/dist/contracts/index.d.ts +8 -0
package/dist/contracts/index.js +8 -0
package/dist/contracts/orchestration.d.ts +215 -0
package/dist/contracts/orchestration.js +4 -0
package/dist/contracts/proof.d.ts +32 -0
package/dist/contracts/proof.js +1 -0
package/dist/contracts/provider.d.ts +35 -0
package/dist/contracts/provider.js +1 -0
package/dist/contracts/replay.d.ts +95 -0
package/dist/contracts/replay.js +7 -0
package/dist/contracts/run.d.ts +34 -0
package/dist/contracts/run.js +1 -0
package/dist/contracts/safety.d.ts +10 -0
package/dist/contracts/safety.js +4 -0
package/dist/contracts/version.d.ts +21 -0
package/dist/contracts/version.js +1 -0
package/dist/contracts/web-bridge.d.ts +95 -0
package/dist/contracts/web-bridge.js +168 -0
package/dist/contracts/worker-context.d.ts +70 -0
package/dist/contracts/worker-context.js +1 -0
package/dist/evidence/attempt-record.d.ts +78 -0
package/dist/evidence/attempt-record.js +16 -0
package/dist/evidence/context-snapshot.d.ts +20 -0
package/dist/evidence/context-snapshot.js +81 -0
package/dist/evidence/decision-trace.d.ts +14 -0
package/dist/evidence/decision-trace.js +54 -0
package/dist/evidence/diagnosis.d.ts +15 -0
package/dist/evidence/diagnosis.js +279 -0
package/dist/evidence/evidence-recorder.d.ts +19 -0
package/dist/evidence/evidence-recorder.js +55 -0
package/dist/evidence/index.d.ts +15 -0
package/dist/evidence/index.js +7 -0
package/dist/evidence/run-trace.d.ts +103 -0
package/dist/evidence/run-trace.js +191 -0
package/dist/goal/compiler.d.ts +5 -0
package/dist/goal/compiler.js +350 -0
package/dist/goal/control-loop.d.ts +109 -0
package/dist/goal/control-loop.js +1089 -0
package/dist/goal/ensemble-memory.d.ts +26 -0
package/dist/goal/ensemble-memory.js +55 -0
package/dist/goal/eval-criteria.d.ts +3 -0
package/dist/goal/eval-criteria.js +72 -0
package/dist/goal/evidence.d.ts +20 -0
package/dist/goal/evidence.js +321 -0
package/dist/goal/goal-daemon.d.ts +40 -0
package/dist/goal/goal-daemon.js +318 -0
package/dist/goal/intake.d.ts +48 -0
package/dist/goal/intake.js +561 -0
package/dist/goal/intent-analyzer.d.ts +9 -0
package/dist/goal/intent-analyzer.js +322 -0
package/dist/goal/intent-frame.d.ts +35 -0
package/dist/goal/intent-frame.js +566 -0
package/dist/goal/persistence.d.ts +11 -0
package/dist/goal/persistence.js +134 -0
package/dist/goal/prompt-digest.d.ts +13 -0
package/dist/goal/prompt-digest.js +111 -0
package/dist/goal/scoring.d.ts +2 -0
package/dist/goal/scoring.js +69 -0
package/dist/goal/wake-policy.d.ts +26 -0
package/dist/goal/wake-policy.js +58 -0
package/dist/harness/create-harness-task-runner.d.ts +43 -0
package/dist/harness/create-harness-task-runner.js +56 -0
package/dist/harness/execute-harness-run.d.ts +34 -0
package/dist/harness/execute-harness-run.js +109 -0
package/dist/hooks/events.d.ts +71 -0
package/dist/hooks/events.js +1 -0
package/dist/hooks/hook-bus.d.ts +13 -0
package/dist/hooks/hook-bus.js +59 -0
package/dist/hooks/hook-registry.d.ts +6 -0
package/dist/hooks/hook-registry.js +64 -0
package/dist/hooks/index.d.ts +3 -0
package/dist/hooks/index.js +2 -0
package/dist/hud/index.d.ts +9 -0
package/dist/hud/index.js +11 -0
package/dist/hud/live-renderer.d.ts +17 -0
package/dist/hud/live-renderer.js +52 -0
package/dist/hud/render.d.ts +62 -0
package/dist/hud/render.js +954 -0
package/dist/hud/types.d.ts +58 -0
package/dist/hud/types.js +7 -0
package/dist/input/input-artifacts.d.ts +10 -0
package/dist/input/input-artifacts.js +19 -0
package/dist/input/input-envelope.d.ts +64 -0
package/dist/input/input-envelope.js +86 -0
package/dist/integrations/servarr/adapter.d.ts +29 -0
package/dist/integrations/servarr/adapter.js +156 -0
package/dist/integrations/servarr/commands.d.ts +15 -0
package/dist/integrations/servarr/commands.js +119 -0
package/dist/integrations/servarr/schema.d.ts +34 -0
package/dist/integrations/servarr/schema.js +149 -0
package/dist/kimi/ascii-art.d.ts +1 -0
package/dist/kimi/ascii-art.js +23 -0
package/dist/kimi/banner.d.ts +53 -0
package/dist/kimi/banner.js +284 -0
package/dist/kimi/bug-filter.d.ts +15 -0
package/dist/kimi/bug-filter.js +150 -0
package/dist/kimi/capability.d.ts +25 -0
package/dist/kimi/capability.js +68 -0
package/dist/kimi/isolated-home.d.ts +21 -0
package/dist/kimi/isolated-home.js +270 -0
package/dist/kimi/runner.d.ts +74 -0
package/dist/kimi/runner.js +1052 -0
package/dist/kimi/simple-art.d.ts +1 -0
package/dist/kimi/simple-art.js +1 -0
package/dist/kimi/statusline.d.ts +26 -0
package/dist/kimi/statusline.js +142 -0
package/dist/kimi/usage.d.ts +52 -0
package/dist/kimi/usage.js +481 -0
package/dist/kimi/wire-client.d.ts +95 -0
package/dist/kimi/wire-client.js +338 -0
package/dist/lsp/default-config.d.ts +16 -0
package/dist/lsp/default-config.js +26 -0
package/dist/mcp/acp-server.d.ts +2 -0
package/dist/mcp/acp-server.js +357 -0
package/dist/mcp/autoconnect.d.ts +60 -0
package/dist/mcp/autoconnect.js +192 -0
package/dist/mcp/client.d.ts +112 -0
package/dist/mcp/client.js +276 -0
package/dist/mcp/config-permissions.d.ts +23 -0
package/dist/mcp/config-permissions.js +66 -0
package/dist/mcp/consent-flow.d.ts +152 -0
package/dist/mcp/consent-flow.js +329 -0
package/dist/mcp/filesystem-readonly-server.d.ts +2 -0
package/dist/mcp/filesystem-readonly-server.js +320 -0
package/dist/mcp/governance.d.ts +292 -0
package/dist/mcp/governance.js +602 -0
package/dist/mcp/host.d.ts +154 -0
package/dist/mcp/host.js +792 -0
package/dist/mcp/omk-project-server.d.ts +2 -0
package/dist/mcp/omk-project-server.js +1632 -0
package/dist/mcp/omk-web-bridge-server.d.ts +14 -0
package/dist/mcp/omk-web-bridge-server.js +154 -0
package/dist/mcp/permission-resolver.d.ts +67 -0
package/dist/mcp/permission-resolver.js +124 -0
package/dist/mcp/quality-gate.d.ts +36 -0
package/dist/mcp/quality-gate.js +247 -0
package/dist/mcp/quarantine.d.ts +11 -0
package/dist/mcp/quarantine.js +79 -0
package/dist/mcp/secret-scanner.d.ts +189 -0
package/dist/mcp/secret-scanner.js +709 -0
package/dist/mcp/server-catalog.d.ts +36 -0
package/dist/mcp/server-catalog.js +168 -0
package/dist/mcp/shared-secret-registry.d.ts +61 -0
package/dist/mcp/shared-secret-registry.js +171 -0
package/dist/mcp/transports/stdio.d.ts +22 -0
package/dist/mcp/transports/stdio.js +165 -0
package/dist/mcp/transports/streamable-http.d.ts +31 -0
package/dist/mcp/transports/streamable-http.js +289 -0
package/dist/mcp/transports/transport.d.ts +20 -0
package/dist/mcp/transports/transport.js +3 -0
package/dist/memory/embedding.d.ts +11 -0
package/dist/memory/embedding.js +24 -0
package/dist/memory/graph-viewer.d.ts +72 -0
package/dist/memory/graph-viewer.js +402 -0
package/dist/memory/kuzu-memory-store.d.ts +37 -0
package/dist/memory/kuzu-memory-store.js +453 -0
package/dist/memory/local-graph-memory-store.d.ts +141 -0
package/dist/memory/local-graph-memory-store.js +884 -0
package/dist/memory/memory-config.d.ts +51 -0
package/dist/memory/memory-config.js +187 -0
package/dist/memory/memory-store.d.ts +48 -0
package/dist/memory/memory-store.js +210 -0
package/dist/memory/ontology-model.d.ts +175 -0
package/dist/memory/ontology-model.js +131 -0
package/dist/native/linux-x64/omk-safety +0 -0
package/dist/openai/image-client.d.ts +103 -0
package/dist/openai/image-client.js +380 -0
package/dist/orchestration/agent-worker.d.ts +72 -0
package/dist/orchestration/agent-worker.js +278 -0
package/dist/orchestration/capability-agents.d.ts +14 -0
package/dist/orchestration/capability-agents.js +180 -0
package/dist/orchestration/capability-routing.d.ts +42 -0
package/dist/orchestration/capability-routing.js +65 -0
package/dist/orchestration/compiled-dag-executor.d.ts +56 -0
package/dist/orchestration/compiled-dag-executor.js +88 -0
package/dist/orchestration/completion-artifacts.d.ts +37 -0
package/dist/orchestration/completion-artifacts.js +84 -0
package/dist/orchestration/completion-sentinel.d.ts +37 -0
package/dist/orchestration/completion-sentinel.js +66 -0
package/dist/orchestration/contracts/index.d.ts +45 -0
package/dist/orchestration/contracts/index.js +6 -0
package/dist/orchestration/dag-artifacts.d.ts +11 -0
package/dist/orchestration/dag-artifacts.js +42 -0
package/dist/orchestration/dag-compiler-presets.d.ts +20 -0
package/dist/orchestration/dag-compiler-presets.js +476 -0
package/dist/orchestration/dag-compiler-types.d.ts +40 -0
package/dist/orchestration/dag-compiler-types.js +1 -0
package/dist/orchestration/dag-compiler.d.ts +3 -0
package/dist/orchestration/dag-compiler.js +122 -0
package/dist/orchestration/dag.d.ts +158 -0
package/dist/orchestration/dag.js +310 -0
package/dist/orchestration/diagnostics.d.ts +27 -0
package/dist/orchestration/diagnostics.js +262 -0
package/dist/orchestration/enhanced-modes.d.ts +116 -0
package/dist/orchestration/enhanced-modes.js +231 -0
package/dist/orchestration/enhanced-parallel-orchestrator.d.ts +127 -0
package/dist/orchestration/enhanced-parallel-orchestrator.js +734 -0
package/dist/orchestration/ensemble-decision.d.ts +40 -0
package/dist/orchestration/ensemble-decision.js +297 -0
package/dist/orchestration/ensemble.d.ts +22 -0
package/dist/orchestration/ensemble.js +558 -0
package/dist/orchestration/eta.d.ts +10 -0
package/dist/orchestration/eta.js +75 -0
package/dist/orchestration/evidence-check.d.ts +36 -0
package/dist/orchestration/evidence-check.js +257 -0
package/dist/orchestration/evidence-gate.d.ts +34 -0
package/dist/orchestration/evidence-gate.js +501 -0
package/dist/orchestration/execution-planner.d.ts +40 -0
package/dist/orchestration/execution-planner.js +252 -0
package/dist/orchestration/executor.d.ts +11 -0
package/dist/orchestration/executor.js +979 -0
package/dist/orchestration/interactive-orchestrator.d.ts +134 -0
package/dist/orchestration/interactive-orchestrator.js +450 -0
package/dist/orchestration/log-streamer.d.ts +104 -0
package/dist/orchestration/log-streamer.js +288 -0
package/dist/orchestration/loop-artifacts.d.ts +14 -0
package/dist/orchestration/loop-artifacts.js +20 -0
package/dist/orchestration/loop-controller.d.ts +14 -0
package/dist/orchestration/loop-controller.js +311 -0
package/dist/orchestration/loop-guard.d.ts +28 -0
package/dist/orchestration/loop-guard.js +104 -0
package/dist/orchestration/loop-state.d.ts +86 -0
package/dist/orchestration/loop-state.js +1 -0
package/dist/orchestration/node-monitor.d.ts +18 -0
package/dist/orchestration/node-monitor.js +98 -0
package/dist/orchestration/orchestrate-prompt.d.ts +43 -0
package/dist/orchestration/orchestrate-prompt.js +533 -0
package/dist/orchestration/orchestration-state.d.ts +3 -0
package/dist/orchestration/orchestration-state.js +2 -0
package/dist/orchestration/parallel-orchestrator.d.ts +159 -0
package/dist/orchestration/parallel-orchestrator.js +576 -0
package/dist/orchestration/parallel-ui.d.ts +51 -0
package/dist/orchestration/parallel-ui.js +470 -0
package/dist/orchestration/repair-policy.d.ts +20 -0
package/dist/orchestration/repair-policy.js +221 -0
package/dist/orchestration/routing/inventory.d.ts +9 -0
package/dist/orchestration/routing/inventory.js +273 -0
package/dist/orchestration/routing/mcp-config.d.ts +17 -0
package/dist/orchestration/routing/mcp-config.js +154 -0
package/dist/orchestration/routing/types.d.ts +38 -0
package/dist/orchestration/routing/types.js +4 -0
package/dist/orchestration/routing.d.ts +31 -0
package/dist/orchestration/routing.js +961 -0
package/dist/orchestration/run-state.d.ts +36 -0
package/dist/orchestration/run-state.js +176 -0
package/dist/orchestration/scheduler.d.ts +9 -0
package/dist/orchestration/scheduler.js +85 -0
package/dist/orchestration/skill-assigner.d.ts +22 -0
package/dist/orchestration/skill-assigner.js +345 -0
package/dist/orchestration/state-machine/index.d.ts +3 -0
package/dist/orchestration/state-machine/index.js +3 -0
package/dist/orchestration/state-machine/node-state-machine.d.ts +24 -0
package/dist/orchestration/state-machine/node-state-machine.js +35 -0
package/dist/orchestration/state-machine/run-state-machine.d.ts +38 -0
package/dist/orchestration/state-machine/run-state-machine.js +161 -0
package/dist/orchestration/state-machine/run-state-manager.d.ts +108 -0
package/dist/orchestration/state-machine/run-state-manager.js +314 -0
package/dist/orchestration/state-persister.d.ts +7 -0
package/dist/orchestration/state-persister.js +77 -0
package/dist/orchestration/task-graph.d.ts +29 -0
package/dist/orchestration/task-graph.js +261 -0
package/dist/orchestration/verification-only.d.ts +28 -0
package/dist/orchestration/verification-only.js +94 -0
package/dist/providers/attempt-recorder.d.ts +10 -0
package/dist/providers/attempt-recorder.js +38 -0
package/dist/providers/codex-cli-runner.d.ts +11 -0
package/dist/providers/codex-cli-runner.js +129 -0
package/dist/providers/context-preflight.d.ts +47 -0
package/dist/providers/context-preflight.js +134 -0
package/dist/providers/deepseek/deepseek-balance.d.ts +29 -0
package/dist/providers/deepseek/deepseek-balance.js +80 -0
package/dist/providers/deepseek/deepseek-client.d.ts +53 -0
package/dist/providers/deepseek/deepseek-client.js +164 -0
package/dist/providers/deepseek/deepseek-config.d.ts +89 -0
package/dist/providers/deepseek/deepseek-config.js +272 -0
package/dist/providers/deepseek/deepseek-errors.d.ts +5 -0
package/dist/providers/deepseek/deepseek-errors.js +48 -0
package/dist/providers/deepseek/deepseek-provider.d.ts +10 -0
package/dist/providers/deepseek/deepseek-provider.js +162 -0
package/dist/providers/deepseek/deepseek-super-config.d.ts +31 -0
package/dist/providers/deepseek/deepseek-super-config.js +136 -0
package/dist/providers/deepseek-provider.d.ts +8 -0
package/dist/providers/deepseek-provider.js +78 -0
package/dist/providers/health.d.ts +13 -0
package/dist/providers/health.js +55 -0
package/dist/providers/index.d.ts +22 -0
package/dist/providers/index.js +22 -0
package/dist/providers/kimi-provider-failure.d.ts +8 -0
package/dist/providers/kimi-provider-failure.js +56 -0
package/dist/providers/kimi-provider.d.ts +7 -0
package/dist/providers/kimi-provider.js +27 -0
package/dist/providers/model-registry.d.ts +103 -0
package/dist/providers/model-registry.js +571 -0
package/dist/providers/model-table.d.ts +24 -0
package/dist/providers/model-table.js +140 -0
package/dist/providers/model-tabs.d.ts +33 -0
package/dist/providers/model-tabs.js +98 -0
package/dist/providers/openai-compatible-runner.d.ts +17 -0
package/dist/providers/openai-compatible-runner.js +180 -0
package/dist/providers/provider-router.d.ts +8 -0
package/dist/providers/provider-router.js +174 -0
package/dist/providers/provider-runtime.d.ts +17 -0
package/dist/providers/provider-runtime.js +246 -0
package/dist/providers/provider-stats.d.ts +56 -0
package/dist/providers/provider-stats.js +303 -0
package/dist/providers/provider-task-runner.d.ts +23 -0
package/dist/providers/provider-task-runner.js +1171 -0
package/dist/providers/provider.d.ts +74 -0
package/dist/providers/provider.js +9 -0
package/dist/providers/router.d.ts +14 -0
package/dist/providers/router.js +486 -0
package/dist/providers/runner/deepseek-helpers.d.ts +38 -0
package/dist/providers/runner/deepseek-helpers.js +150 -0
package/dist/providers/runner/env.d.ts +12 -0
package/dist/providers/runner/env.js +98 -0
package/dist/providers/runner/execution.d.ts +26 -0
package/dist/providers/runner/execution.js +42 -0
package/dist/providers/runner/helpers.d.ts +9 -0
package/dist/providers/runner/helpers.js +38 -0
package/dist/providers/runner/results.d.ts +26 -0
package/dist/providers/runner/results.js +104 -0
package/dist/providers/thinking-levels.d.ts +7 -0
package/dist/providers/thinking-levels.js +67 -0
package/dist/providers/types.d.ts +139 -0
package/dist/providers/types.js +60 -0
package/dist/replay/differ.d.ts +5 -0
package/dist/replay/differ.js +314 -0
package/dist/replay/index.d.ts +6 -0
package/dist/replay/index.js +4 -0
package/dist/replay/inspector.d.ts +14 -0
package/dist/replay/inspector.js +264 -0
package/dist/replay/manifest-builder.d.ts +11 -0
package/dist/replay/manifest-builder.js +184 -0
package/dist/replay/replay-engine.d.ts +18 -0
package/dist/replay/replay-engine.js +265 -0
package/dist/runtime/adapter.d.ts +77 -0
package/dist/runtime/adapter.js +28 -0
package/dist/runtime/agent-runtime.d.ts +123 -0
package/dist/runtime/agent-runtime.js +18 -0
package/dist/runtime/cache-stable-session.d.ts +55 -0
package/dist/runtime/cache-stable-session.js +108 -0
package/dist/runtime/capability-injection.d.ts +39 -0
package/dist/runtime/capability-injection.js +93 -0
package/dist/runtime/chat-advisory-runtime.d.ts +2 -0
package/dist/runtime/chat-advisory-runtime.js +71 -0
package/dist/runtime/child-env.d.ts +31 -0
package/dist/runtime/child-env.js +131 -0
package/dist/runtime/codex-cli-runtime.d.ts +10 -0
package/dist/runtime/codex-cli-runtime.js +78 -0
package/dist/runtime/codex-runtime.d.ts +35 -0
package/dist/runtime/codex-runtime.js +264 -0
package/dist/runtime/command-bus.d.ts +13 -0
package/dist/runtime/command-bus.js +57 -0
package/dist/runtime/context-broker-converter.d.ts +9 -0
package/dist/runtime/context-broker-converter.js +96 -0
package/dist/runtime/context-broker.d.ts +25 -0
package/dist/runtime/context-broker.js +308 -0
package/dist/runtime/context-budget-optimizer.d.ts +73 -0
package/dist/runtime/context-budget-optimizer.js +300 -0
package/dist/runtime/context-capsule.d.ts +81 -0
package/dist/runtime/context-capsule.js +46 -0
package/dist/runtime/contracts/command-envelope.d.ts +99 -0
package/dist/runtime/contracts/command-envelope.js +5 -0
package/dist/runtime/contracts/reasoning-trace.d.ts +120 -0
package/dist/runtime/contracts/reasoning-trace.js +10 -0
package/dist/runtime/contracts/shared.d.ts +34 -0
package/dist/runtime/contracts/shared.js +12 -0
package/dist/runtime/core-verified-preset.d.ts +37 -0
package/dist/runtime/core-verified-preset.js +205 -0
package/dist/runtime/debloat-nlp.d.ts +140 -0
package/dist/runtime/debloat-nlp.js +398 -0
package/dist/runtime/deepseek-runtime.d.ts +28 -0
package/dist/runtime/deepseek-runtime.js +270 -0
package/dist/runtime/external-cli-adapter.d.ts +29 -0
package/dist/runtime/external-cli-adapter.js +283 -0
package/dist/runtime/index.d.ts +8 -0
package/dist/runtime/index.js +8 -0
package/dist/runtime/kimi-api-runtime.d.ts +52 -0
package/dist/runtime/kimi-api-runtime.js +367 -0
package/dist/runtime/kimi-print-runtime.d.ts +10 -0
package/dist/runtime/kimi-print-runtime.js +87 -0
package/dist/runtime/kimi-wire-protocol-runtime.d.ts +44 -0
package/dist/runtime/kimi-wire-protocol-runtime.js +436 -0
package/dist/runtime/kimi-wire-runtime.d.ts +17 -0
package/dist/runtime/kimi-wire-runtime.js +112 -0
package/dist/runtime/legacy-bridge.d.ts +14 -0
package/dist/runtime/legacy-bridge.js +27 -0
package/dist/runtime/local-llm-runtime.d.ts +29 -0
package/dist/runtime/local-llm-runtime.js +231 -0
package/dist/runtime/mimo-api-runtime.d.ts +13 -0
package/dist/runtime/mimo-api-runtime.js +24 -0
package/dist/runtime/nlg-renderer.d.ts +38 -0
package/dist/runtime/nlg-renderer.js +132 -0
package/dist/runtime/output-router.d.ts +20 -0
package/dist/runtime/output-router.js +171 -0
package/dist/runtime/process-session.d.ts +27 -0
package/dist/runtime/process-session.js +35 -0
package/dist/runtime/prompt-envelope.d.ts +28 -0
package/dist/runtime/prompt-envelope.js +78 -0
package/dist/runtime/provider-event-normalizer.d.ts +117 -0
package/dist/runtime/provider-event-normalizer.js +454 -0
package/dist/runtime/provider-tool-contracts.d.ts +24 -0
package/dist/runtime/provider-tool-contracts.js +56 -0
package/dist/runtime/reasoning-trace.d.ts +46 -0
package/dist/runtime/reasoning-trace.js +289 -0
package/dist/runtime/renderers.d.ts +33 -0
package/dist/runtime/renderers.js +221 -0
package/dist/runtime/runtime-backed-task-runner.d.ts +20 -0
package/dist/runtime/runtime-backed-task-runner.js +166 -0
package/dist/runtime/runtime-bootstrap.d.ts +21 -0
package/dist/runtime/runtime-bootstrap.js +208 -0
package/dist/runtime/runtime-registry.d.ts +23 -0
package/dist/runtime/runtime-registry.js +95 -0
package/dist/runtime/runtime-router.d.ts +51 -0
package/dist/runtime/runtime-router.js +620 -0
package/dist/runtime/sandbox-profile.d.ts +25 -0
package/dist/runtime/sandbox-profile.js +35 -0
package/dist/runtime/slash-commands.d.ts +46 -0
package/dist/runtime/slash-commands.js +321 -0
package/dist/runtime/stable-json.d.ts +9 -0
package/dist/runtime/stable-json.js +45 -0
package/dist/runtime/tool-call-repair.d.ts +35 -0
package/dist/runtime/tool-call-repair.js +181 -0
package/dist/runtime/tool-dispatch-contracts.d.ts +8 -0
package/dist/runtime/tool-dispatch-contracts.js +32 -0
package/dist/runtime/tool-plane.d.ts +31 -0
package/dist/runtime/tool-plane.js +112 -0
package/dist/runtime/tool-proxy.d.ts +20 -0
package/dist/runtime/tool-proxy.js +109 -0
package/dist/runtime/tool-registry-contract.d.ts +40 -0
package/dist/runtime/tool-registry-contract.js +52 -0
package/dist/runtime/ui-components.d.ts +64 -0
package/dist/runtime/ui-components.js +232 -0
package/dist/runtime/worker-manifest.d.ts +34 -0
package/dist/runtime/worker-manifest.js +204 -0
package/dist/safety/approval-policy.d.ts +4 -0
package/dist/safety/approval-policy.js +33 -0
package/dist/safety/guard-hooks.d.ts +3 -0
package/dist/safety/guard-hooks.js +64 -0
package/dist/schema/decision.schema.d.ts +57 -0
package/dist/schema/decision.schema.js +32 -0
package/dist/schema/envelope.schema.d.ts +216 -0
package/dist/schema/envelope.schema.js +38 -0
package/dist/schema/error.schema.d.ts +51 -0
package/dist/schema/error.schema.js +12 -0
package/dist/schema/evidence.schema.d.ts +58 -0
package/dist/schema/evidence.schema.js +31 -0
package/dist/schema/index.d.ts +8 -0
package/dist/schema/index.js +8 -0
package/dist/schema/proof-bundle.schema.d.ts +150 -0
package/dist/schema/proof-bundle.schema.js +42 -0
package/dist/schema/provider.schema.d.ts +138 -0
package/dist/schema/provider.schema.js +35 -0
package/dist/schema/run-manifest.schema.d.ts +168 -0
package/dist/schema/run-manifest.schema.js +35 -0
package/dist/schema/version.schema.d.ts +64 -0
package/dist/schema/version.schema.js +21 -0
package/dist/theme/ansi.d.ts +15 -0
package/dist/theme/ansi.js +41 -0
package/dist/theme/colors.d.ts +87 -0
package/dist/theme/colors.js +105 -0
package/dist/theme/hud-theme.d.ts +6 -0
package/dist/theme/hud-theme.js +41 -0
package/dist/theme/index.d.ts +12 -0
package/dist/theme/index.js +20 -0
package/dist/theme/layout.d.ts +24 -0
package/dist/theme/layout.js +139 -0
package/dist/theme/metrics.d.ts +23 -0
package/dist/theme/metrics.js +93 -0
package/dist/theme/parallel.d.ts +68 -0
package/dist/theme/parallel.js +345 -0
package/dist/theme/working-indicator.d.ts +38 -0
package/dist/theme/working-indicator.js +149 -0
package/dist/tui/model.d.ts +28 -0
package/dist/tui/model.js +1 -0
package/dist/tui/terminal-frame-renderer.d.ts +19 -0
package/dist/tui/terminal-frame-renderer.js +60 -0
package/dist/tui/views/capabilities-view.d.ts +3 -0
package/dist/tui/views/capabilities-view.js +13 -0
package/dist/tui/views/common.d.ts +11 -0
package/dist/tui/views/common.js +35 -0
package/dist/tui/views/dag-view.d.ts +3 -0
package/dist/tui/views/dag-view.js +12 -0
package/dist/tui/views/evidence-view.d.ts +3 -0
package/dist/tui/views/evidence-view.js +18 -0
package/dist/tui/views/index.d.ts +4 -0
package/dist/tui/views/index.js +3 -0
package/dist/ui/omk-sigil.d.ts +13 -0
package/dist/ui/omk-sigil.js +277 -0
package/dist/ui/omk-working-sweep.d.ts +61 -0
package/dist/ui/omk-working-sweep.js +416 -0
package/dist/util/agent-schema.d.ts +24 -0
package/dist/util/agent-schema.js +293 -0
package/dist/util/appshot-store.d.ts +68 -0
package/dist/util/appshot-store.js +506 -0
package/dist/util/chat-agent-mode.d.ts +173 -0
package/dist/util/chat-agent-mode.js +905 -0
package/dist/util/chat-cockpit.d.ts +45 -0
package/dist/util/chat-cockpit.js +293 -0
package/dist/util/chat-startup.d.ts +35 -0
package/dist/util/chat-startup.js +330 -0
package/dist/util/chat-state.d.ts +27 -0
package/dist/util/chat-state.js +105 -0
package/dist/util/checkpoint.d.ts +21 -0
package/dist/util/checkpoint.js +238 -0
package/dist/util/cli-contract.d.ts +46 -0
package/dist/util/cli-contract.js +72 -0
package/dist/util/cron-engine.d.ts +24 -0
package/dist/util/cron-engine.js +227 -0
package/dist/util/events-logger.d.ts +30 -0
package/dist/util/events-logger.js +135 -0
package/dist/util/execution-selection.d.ts +13 -0
package/dist/util/execution-selection.js +82 -0
package/dist/util/first-run-star.d.ts +49 -0
package/dist/util/first-run-star.js +223 -0
package/dist/util/fs.d.ts +128 -0
package/dist/util/fs.js +1757 -0
package/dist/util/git.d.ts +11 -0
package/dist/util/git.js +39 -0
package/dist/util/help-text.d.ts +1 -0
package/dist/util/help-text.js +60 -0
package/dist/util/i18n.d.ts +10 -0
package/dist/util/i18n.js +848 -0
package/dist/util/json-envelope.d.ts +15 -0
package/dist/util/json-envelope.js +28 -0
package/dist/util/mcp-preflight.d.ts +26 -0
package/dist/util/mcp-preflight.js +29 -0
package/dist/util/mode-preset.d.ts +29 -0
package/dist/util/mode-preset.js +222 -0
package/dist/util/mode-selector.d.ts +6 -0
package/dist/util/mode-selector.js +74 -0
package/dist/util/native-safety.d.ts +28 -0
package/dist/util/native-safety.js +118 -0
package/dist/util/output-buffer.d.ts +12 -0
package/dist/util/output-buffer.js +59 -0
package/dist/util/process-tree.d.ts +18 -0
package/dist/util/process-tree.js +102 -0
package/dist/util/project-root.d.ts +27 -0
package/dist/util/project-root.js +382 -0
package/dist/util/provider-usage.d.ts +2 -0
package/dist/util/provider-usage.js +1 -0
package/dist/util/reasoning-nlp.d.ts +84 -0
package/dist/util/reasoning-nlp.js +325 -0
package/dist/util/resource-profile.d.ts +32 -0
package/dist/util/resource-profile.js +219 -0
package/dist/util/run-store.d.ts +38 -0
package/dist/util/run-store.js +151 -0
package/dist/util/run-view-model.d.ts +111 -0
package/dist/util/run-view-model.js +333 -0
package/dist/util/runtime-profile.d.ts +34 -0
package/dist/util/runtime-profile.js +149 -0
package/dist/util/runtime-scope.d.ts +2 -0
package/dist/util/runtime-scope.js +19 -0
package/dist/util/scoped-agent-file.d.ts +47 -0
package/dist/util/scoped-agent-file.js +121 -0
package/dist/util/screenshot-store.d.ts +35 -0
package/dist/util/screenshot-store.js +310 -0
package/dist/util/secret-mask.d.ts +5 -0
package/dist/util/secret-mask.js +41 -0
package/dist/util/session.d.ts +19 -0
package/dist/util/session.js +80 -0
package/dist/util/shell.d.ts +30 -0
package/dist/util/shell.js +350 -0
package/dist/util/snippet.d.ts +17 -0
package/dist/util/snippet.js +110 -0
package/dist/util/sync-manifest.d.ts +13 -0
package/dist/util/sync-manifest.js +22 -0
package/dist/util/terminal-input.d.ts +25 -0
package/dist/util/terminal-input.js +35 -0
package/dist/util/terminal-layout.d.ts +18 -0
package/dist/util/terminal-layout.js +108 -0
package/dist/util/terminal-owner.d.ts +19 -0
package/dist/util/terminal-owner.js +64 -0
package/dist/util/theme.d.ts +9 -0
package/dist/util/theme.js +9 -0
package/dist/util/timeout-config.d.ts +18 -0
package/dist/util/timeout-config.js +101 -0
package/dist/util/todo-sync.d.ts +58 -0
package/dist/util/todo-sync.js +473 -0
package/dist/util/update-check.d.ts +89 -0
package/dist/util/update-check.js +321 -0
package/dist/util/usage-view-model.d.ts +22 -0
package/dist/util/usage-view-model.js +57 -0
package/dist/util/user-visible-output.d.ts +19 -0
package/dist/util/user-visible-output.js +48 -0
package/dist/util/version.d.ts +4 -0
package/dist/util/version.js +51 -0
package/dist/util/worktree.d.ts +10 -0
package/dist/util/worktree.js +165 -0
package/dist/ux/explain-loop-decision.d.ts +4 -0
package/dist/ux/explain-loop-decision.js +55 -0
package/dist/ux/intent-router.d.ts +15 -0
package/dist/ux/intent-router.js +64 -0
package/dist/ux/natural-entrypoint.d.ts +21 -0
package/dist/ux/natural-entrypoint.js +122 -0
package/dist/version.d.ts +11 -0
package/dist/version.js +18 -0
package/dist/web-bridge/host.d.ts +8 -0
package/dist/web-bridge/host.js +109 -0
package/dist/web-bridge/native-host.d.ts +6 -0
package/dist/web-bridge/native-host.js +40 -0
package/dist/web-bridge/status.d.ts +84 -0
package/dist/web-bridge/status.js +201 -0
package/docs/2026-05-01-16gb-lite-mode.md +37 -0
package/docs/2026-05-01-critical-issues-and-improvements.md +361 -0
package/docs/2026-05-01-dag-ensemble-runtime.md +74 -0
package/docs/2026-05-02-p1-p2-hardening-handoff.md +139 -0
package/docs/2026-05-05-adjustable-timeouts-and-cron-jobs.md +252 -0
package/docs/2026-05-08-omk-hardening-plan.md +62 -0
package/docs/2026-05-14/critical-issues.md +20 -0
package/docs/2026-05-14/improvements.md +14 -0
package/docs/2026-05-14/init-checklist.md +25 -0
package/docs/2026-05-14/plan.md +20 -0
package/docs/2026-05-15/critical-issues.md +20 -0
package/docs/2026-05-15/improvements.md +14 -0
package/docs/2026-05-15/init-checklist.md +25 -0
package/docs/2026-05-15/plan.md +20 -0
package/docs/2026-05-16/critical-issues.md +20 -0
package/docs/2026-05-16/improvements.md +14 -0
package/docs/2026-05-16/init-checklist.md +25 -0
package/docs/2026-05-16/plan.md +20 -0
package/docs/2026-05-17/critical-issues.md +20 -0
package/docs/2026-05-17/improvements.md +14 -0
package/docs/2026-05-17/init-checklist.md +25 -0
package/docs/2026-05-17/plan.md +20 -0
package/docs/2026-05-18/improvements.md +14 -0
package/docs/2026-05-18/init-checklist.md +25 -0
package/docs/2026-05-18/plan.md +20 -0
package/docs/2026-05-18-critical-issues-and-improvements.md +441 -0
package/docs/2026-05-18-project-direction.md +223 -0
package/docs/2026-05-19/critical-issues.md +20 -0
package/docs/2026-05-19/improvements.md +14 -0
package/docs/2026-05-19/init-checklist.md +25 -0
package/docs/2026-05-19/plan.md +20 -0
package/docs/2026-05-20/critical-issues.md +20 -0
package/docs/2026-05-20/improvements.md +14 -0
package/docs/2026-05-20/init-checklist.md +25 -0
package/docs/2026-05-20/plan.md +20 -0
package/docs/2026-05-21/critical-issues.md +20 -0
package/docs/2026-05-21/improvements.md +14 -0
package/docs/2026-05-21/init-checklist.md +25 -0
package/docs/2026-05-21/plan.md +20 -0
package/docs/2026-05-22/critical-issues.md +20 -0
package/docs/2026-05-22/improvements.md +14 -0
package/docs/2026-05-22/init-checklist.md +25 -0
package/docs/2026-05-22/plan.md +20 -0
package/docs/2026-05-23/critical-issues.md +20 -0
package/docs/2026-05-23/improvements.md +14 -0
package/docs/2026-05-23/init-checklist.md +25 -0
package/docs/2026-05-23/plan.md +20 -0
package/docs/2026-05-24/critical-issues.md +30 -0
package/docs/2026-05-24/improvements.md +23 -0
package/docs/2026-05-24/init-checklist.md +25 -0
package/docs/2026-05-24/plan.md +22 -0
package/docs/2026-05-25/critical-issues.md +20 -0
package/docs/2026-05-25/improvements.md +14 -0
package/docs/2026-05-25/init-checklist.md +25 -0
package/docs/2026-05-25/plan.md +20 -0
package/docs/2026-05-26/critical-issues.md +20 -0
package/docs/2026-05-26/improvements.md +14 -0
package/docs/2026-05-26/init-checklist.md +25 -0
package/docs/2026-05-26/plan.md +20 -0
package/docs/2026-05-27/critical-issues.md +20 -0
package/docs/2026-05-27/improvements.md +14 -0
package/docs/2026-05-27/init-checklist.md +25 -0
package/docs/2026-05-27/plan.md +20 -0
package/docs/2026-05-28/critical-issues.md +20 -0
package/docs/2026-05-28/improvements.md +14 -0
package/docs/2026-05-28/init-checklist.md +25 -0
package/docs/2026-05-28/plan.md +20 -0
package/docs/2026-05-29/critical-issues.md +20 -0
package/docs/2026-05-29/improvements.md +14 -0
package/docs/2026-05-29/init-checklist.md +25 -0
package/docs/2026-05-29/plan.md +20 -0
package/docs/2026-05-30/critical-issues.md +20 -0
package/docs/2026-05-30/improvements.md +14 -0
package/docs/2026-05-30/init-checklist.md +25 -0
package/docs/2026-05-30/plan.md +20 -0
package/docs/2026-05-31/critical-issues.md +20 -0
package/docs/2026-05-31/improvements.md +14 -0
package/docs/2026-05-31/init-checklist.md +25 -0
package/docs/2026-05-31/plan.md +20 -0
package/docs/2026-06-01/critical-issues.md +20 -0
package/docs/2026-06-01/improvements.md +14 -0
package/docs/2026-06-01/init-checklist.md +25 -0
package/docs/2026-06-01/plan.md +20 -0
package/docs/2026-06-02/critical-issues.md +20 -0
package/docs/2026-06-02/improvements.md +14 -0
package/docs/2026-06-02/init-checklist.md +25 -0
package/docs/2026-06-02/plan.md +20 -0
package/docs/2026-06-03/critical-issues.md +20 -0
package/docs/2026-06-03/improvements.md +14 -0
package/docs/2026-06-03/init-checklist.md +25 -0
package/docs/2026-06-03/plan.md +20 -0
package/docs/2026-06-04/critical-issues.md +20 -0
package/docs/2026-06-04/improvements.md +14 -0
package/docs/2026-06-04/init-checklist.md +25 -0
package/docs/2026-06-04/plan.md +20 -0
package/docs/2026-06-05/critical-issues.md +20 -0
package/docs/2026-06-05/improvements.md +14 -0
package/docs/2026-06-05/init-checklist.md +25 -0
package/docs/2026-06-05/plan.md +20 -0
package/docs/2026-06-06/critical-issues.md +20 -0
package/docs/2026-06-06/improvements.md +14 -0
package/docs/2026-06-06/init-checklist.md +25 -0
package/docs/2026-06-06/plan.md +20 -0
package/docs/2026-06-07/critical-issues.md +20 -0
package/docs/2026-06-07/improvements.md +14 -0
package/docs/2026-06-07/init-checklist.md +25 -0
package/docs/2026-06-07/plan.md +20 -0
package/docs/GSTACK_MIGRATION.md +169 -0
package/docs/OMK_CLI_V2_RUNTIME_ARCHITECTURE.md +2058 -0
package/docs/cli-v2-migration.md +87 -0
package/docs/codex-oauth-setup.md +48 -0
package/docs/demo/verified-run/README.md +32 -0
package/docs/demo/verified-run/artifacts/README.md +18 -0
package/docs/demo/verified-run/capture-plan.md +51 -0
package/docs/demo/verified-run/generated-diff.md +27 -0
package/docs/demo/verified-run/raw-prompt.md +21 -0
package/docs/demo/verified-run/video-shot-list.md +14 -0
package/docs/design-md.md +35 -0
package/docs/getting-started.md +37 -0
package/docs/hud-and-parallel-ux.md +155 -0
package/docs/kimi-oauth-usage-status.md +33 -0
package/docs/kimi-okabe-dmail.md +44 -0
package/docs/local-graph-memory.md +102 -0
package/docs/lsp.md +48 -0
package/docs/mcp-ontology-proposal.md +12 -0
package/docs/native-root-runtime-algorithms.md +402 -0
package/docs/native-root-runtime-hardening.md +131 -0
package/docs/neo4j-memory.md +5 -0
package/docs/openai-platform-image-keys.md +23 -0
package/docs/phase1-final-report.md +154 -0
package/docs/provider-maturity.md +44 -0
package/docs/runtime-architecture.md +89 -0
package/docs/versioning.md +49 -0
package/llms.txt +38 -0
package/package.json +188 -0
package/readmeasset/.npmignore +20 -0
package/readmeasset/ASSET_INDEX.md +36 -0
package/readmeasset/ASSET_PROVENANCE.md +94 -0
package/readmeasset/omk-control.webp +0 -0
package/readmeasset/omk-core-loop.svg +25 -0
package/readmeasset/omk-evidence-gate-card.png +0 -0
package/readmeasset/omk-github-banner.webp +0 -0
package/readmeasset/omk-github-header.webp +0 -0
package/readmeasset/omk-install-card.png +0 -0
package/readmeasset/omk-logo-512.png +0 -0
package/readmeasset/omk-logo-mark.svg +7 -0
package/readmeasset/omk-provider-router-card.png +0 -0
package/readmeasset/omk-runtime-flow-0.78.0.webp +0 -0
package/readmeasset/omk-social-preview.png +0 -0
package/readmeasset/omk-tui-0.78.0.webp +0 -0
package/readmeasset/omk_tui.png +0 -0
package/templates/.kimi/AGENTS.md +93 -0
package/templates/.omk/agents/okabe.yaml +30 -0
package/templates/.omk/agents/roles/aggregator.yaml +13 -0
package/templates/.omk/agents/roles/architect.yaml +13 -0
package/templates/.omk/agents/roles/coder.yaml +9 -0
package/templates/.omk/agents/roles/explorer.yaml +13 -0
package/templates/.omk/agents/roles/integrator.yaml +13 -0
package/templates/.omk/agents/roles/interviewer.yaml +13 -0
package/templates/.omk/agents/roles/ontology.yaml +18 -0
package/templates/.omk/agents/roles/planner.yaml +13 -0
package/templates/.omk/agents/roles/qa.yaml +12 -0
package/templates/.omk/agents/roles/researcher.yaml +13 -0
package/templates/.omk/agents/roles/reviewer.yaml +13 -0
package/templates/.omk/agents/roles/router.yaml +13 -0
package/templates/.omk/agents/roles/security.yaml +12 -0
package/templates/.omk/agents/roles/tester.yaml +12 -0
package/templates/.omk/agents/roles/vision-debugger.yaml +12 -0
package/templates/.omk/agents/root.yaml +62 -0
package/templates/.omk/lsp.json +27 -0
package/templates/.omk/prompts/root.md +74 -0
package/templates/AGENTS.md +510 -0
package/templates/skills/agents/agentmemory/SKILL.md +40 -0
package/templates/skills/agents/andrej-karpathy-skills/SKILL.md +41 -0
package/templates/skills/agents/claude-for-legal/SKILL.md +63 -0
package/templates/skills/agents/claude-for-legal/references/workflow-catalog.md +38 -0
package/templates/skills/agents/matt-pocock-skills/SKILL.md +40 -0
package/templates/skills/agents/multica/SKILL.md +40 -0
package/templates/skills/agents/omk-adaptorch-orchestration-review/SKILL.md +52 -0
package/templates/skills/agents/omk-backend-api-review/SKILL.md +30 -0
package/templates/skills/agents/omk-code-review/SKILL.md +40 -0
package/templates/skills/agents/omk-context-broker/SKILL.md +57 -0
package/templates/skills/agents/omk-control-loop-debugger/SKILL.md +49 -0
package/templates/skills/agents/omk-design-system/SKILL.md +22 -0
package/templates/skills/agents/omk-docs-release/SKILL.md +42 -0
package/templates/skills/agents/omk-evidence-contract/SKILL.md +52 -0
package/templates/skills/agents/omk-frontend-implementation/SKILL.md +13 -0
package/templates/skills/agents/omk-frontend-ui-review/SKILL.md +29 -0
package/templates/skills/agents/omk-git-commit-pr/SKILL.md +45 -0
package/templates/skills/agents/omk-industrial-control-loop/SKILL.md +33 -0
package/templates/skills/agents/omk-plan-first/SKILL.md +39 -0
package/templates/skills/agents/omk-project-rules/SKILL.md +46 -0
package/templates/skills/agents/omk-python-typing/SKILL.md +33 -0
package/templates/skills/agents/omk-quality-gate/SKILL.md +54 -0
package/templates/skills/agents/omk-repo-explorer/SKILL.md +33 -0
package/templates/skills/agents/omk-research-verify/SKILL.md +30 -0
package/templates/skills/agents/omk-secret-guard/SKILL.md +23 -0
package/templates/skills/agents/omk-security-review/SKILL.md +49 -0
package/templates/skills/agents/omk-test-debug-loop/SKILL.md +43 -0
package/templates/skills/agents/omk-troubleshooting/SKILL.md +14 -0
package/templates/skills/agents/omk-typescript-strict/SKILL.md +38 -0
package/templates/skills/agents/omk-worktree-team/SKILL.md +44 -0
package/templates/skills/agents/react-doctor/SKILL.md +46 -0
package/templates/skills/kimi/agentmemory/SKILL.md +40 -0
package/templates/skills/kimi/andrej-karpathy-skills/SKILL.md +41 -0
package/templates/skills/kimi/awesome-design-md/SKILL.md +54 -0
package/templates/skills/kimi/claude-for-legal/SKILL.md +63 -0
package/templates/skills/kimi/claude-for-legal/references/workflow-catalog.md +38 -0
package/templates/skills/kimi/deepseek-api/SKILL.md +27 -0
package/templates/skills/kimi/deepseek-disable/SKILL.md +20 -0
package/templates/skills/kimi/deepseek-enable/SKILL.md +20 -0
package/templates/skills/kimi/deepseekset/SKILL.md +27 -0
package/templates/skills/kimi/graph-view/SKILL.md +29 -0
package/templates/skills/kimi/matt-pocock-skills/SKILL.md +40 -0
package/templates/skills/kimi/mcp-install/SKILL.md +66 -0
package/templates/skills/kimi/multica/SKILL.md +40 -0
package/templates/skills/kimi/omk-adaptorch-orchestration-review/SKILL.md +52 -0
package/templates/skills/kimi/omk-backend-api-review/SKILL.md +30 -0
package/templates/skills/kimi/omk-code-review/SKILL.md +34 -0
package/templates/skills/kimi/omk-context-broker/SKILL.md +57 -0
package/templates/skills/kimi/omk-control-loop-debugger/SKILL.md +49 -0
package/templates/skills/kimi/omk-design-md/SKILL.md +55 -0
package/templates/skills/kimi/omk-design-system/SKILL.md +22 -0
package/templates/skills/kimi/omk-docs-release/SKILL.md +42 -0
package/templates/skills/kimi/omk-evidence-contract/SKILL.md +52 -0
package/templates/skills/kimi/omk-flow-bugfix/SKILL.md +20 -0
package/templates/skills/kimi/omk-flow-design-to-code/SKILL.md +23 -0
package/templates/skills/kimi/omk-flow-feature-dev/SKILL.md +24 -0
package/templates/skills/kimi/omk-flow-pr-review/SKILL.md +17 -0
package/templates/skills/kimi/omk-flow-refactor/SKILL.md +21 -0
package/templates/skills/kimi/omk-flow-release/SKILL.md +20 -0
package/templates/skills/kimi/omk-flow-team-run/SKILL.md +24 -0
package/templates/skills/kimi/omk-frontend-implementation/SKILL.md +13 -0
package/templates/skills/kimi/omk-frontend-ui-review/SKILL.md +29 -0
package/templates/skills/kimi/omk-git-commit-pr/SKILL.md +45 -0
package/templates/skills/kimi/omk-global-rules/SKILL.md +31 -0
package/templates/skills/kimi/omk-industrial-control-loop/SKILL.md +33 -0
package/templates/skills/kimi/omk-kimi-runtime/SKILL.md +46 -0
package/templates/skills/kimi/omk-multimodal-ui-review/SKILL.md +26 -0
package/templates/skills/kimi/omk-plan-first/SKILL.md +39 -0
package/templates/skills/kimi/omk-project-rules/SKILL.md +21 -0
package/templates/skills/kimi/omk-python-typing/SKILL.md +33 -0
package/templates/skills/kimi/omk-quality-gate/SKILL.md +36 -0
package/templates/skills/kimi/omk-repo-explorer/SKILL.md +33 -0
package/templates/skills/kimi/omk-research-verify/SKILL.md +30 -0
package/templates/skills/kimi/omk-secret-guard/SKILL.md +23 -0
package/templates/skills/kimi/omk-security-review/SKILL.md +49 -0
package/templates/skills/kimi/omk-task-router/SKILL.md +27 -0
package/templates/skills/kimi/omk-test-debug-loop/SKILL.md +43 -0
package/templates/skills/kimi/omk-typescript-strict/SKILL.md +38 -0
package/templates/skills/kimi/omk-worktree-team/SKILL.md +44 -0
package/templates/skills/kimi/open-design/SKILL.md +56 -0
package/templates/skills/kimi/provider/SKILL.md +47 -0
package/templates/skills/kimi/react-doctor/SKILL.md +46 -0
package/templates/skills/kimi/speckit-analyze/SKILL.md +255 -0
package/templates/skills/kimi/speckit-checklist/SKILL.md +367 -0
package/templates/skills/kimi/speckit-clarify/SKILL.md +249 -0
package/templates/skills/kimi/speckit-constitution/SKILL.md +152 -0
package/templates/skills/kimi/speckit-implement/SKILL.md +204 -0
package/templates/skills/kimi/speckit-plan/SKILL.md +147 -0
package/templates/skills/kimi/speckit-specify/SKILL.md +325 -0
package/templates/skills/kimi/speckit-tasks/SKILL.md +197 -0
package/templates/skills/kimi/speckit-taskstoissues/SKILL.md +101 -0
package/templates/skills/kimi/think/SKILL.md +41 -0
package/templates/spec-kit-omk-preset/commands/plan.md +21 -0
package/templates/spec-kit-omk-preset/commands/tasks.md +21 -0
package/templates/spec-kit-omk-preset/preset.yml +12 -0
package/templates/spec-kit-omk-preset/templates/plan-template.md +75 -0
package/templates/spec-kit-omk-preset/templates/spec-template.md +80 -0
package/templates/spec-kit-omk-preset/templates/tasks-template.md +160 -0
package/templates/web-bridge/chrome-extension/README.md +18 -0
package/templates/web-bridge/chrome-extension/background.js +57 -0
package/templates/web-bridge/chrome-extension/content-script.js +46 -0
package/templates/web-bridge/chrome-extension/manifest.json +16 -0
package/templates/web-bridge/chrome-extension/popup.html +21 -0
package/templates/web-bridge/chrome-extension/popup.js +9 -0

package/dist/commands/init/content.js ADDED Viewed

@@ -0,0 +1,1783 @@
+export const OKABE_AGENT_YAML = `version: 1
+agent:
+  extend: default
+  name: omk-okabe-base
+  # Provider adapters may require an explicit non-empty tools list for custom --agent-file configs.
+  # Keep the full OMK native tool surface, including Agent for parallel subagents
+  # and SendDMail for Okabe checkpoints; MCP/skills/hooks are injected by runtime config.
+  tools:
+    - "kimi_cli.tools.agent:Agent"
+    - "kimi_cli.tools.ask_user:AskUserQuestion"
+    - "kimi_cli.tools.todo:SetTodoList"
+    - "kimi_cli.tools.shell:Shell"
+    - "kimi_cli.tools.file:ReadFile"
+    - "kimi_cli.tools.file:ReadMediaFile"
+    - "kimi_cli.tools.file:Glob"
+    - "kimi_cli.tools.file:Grep"
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.web:SearchWeb"
+    - "kimi_cli.tools.web:FetchURL"
+    - "kimi_cli.tools.plan.enter:EnterPlanMode"
+    - "kimi_cli.tools.plan:ExitPlanMode"
+    - "kimi_cli.tools.background:TaskList"
+    - "kimi_cli.tools.background:TaskOutput"
+    - "kimi_cli.tools.background:TaskStop"
+    - "kimi_cli.tools.dmail:SendDMail"
+  system_prompt_args:
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+`;
+export const ROOT_AGENT_YAML = `version: 1
+agent:
+  extend: ./okabe.yaml  # Inherits OMK adapter tools plus scoped MCP/skills/hooks flags
+  name: omk-root
+  system_prompt_path: ../prompts/root.md
+  system_prompt_args:
+    OMK_ROLE: "root-coordinator"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  subagents:
+    explorer:
+      path: ./roles/explorer.yaml
+      description: "Read-only repository exploration and context mapping with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    explore:
+      path: ./roles/explorer.yaml
+      description: "Alias for explorer; kept for compatibility with older OMK instructions"
+    planner:
+      path: ./roles/planner.yaml
+      description: "Architecture, refactor, migration, and implementation planning with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    plan:
+      path: ./roles/planner.yaml
+      description: "Alias for planner; kept for compatibility with older OMK instructions"
+    router:
+      path: ./roles/router.yaml
+      description: "Task routing, skill/MCP/hook fit, context budgeting, and parallel/sequential lane decisions with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    architect:
+      path: ./roles/architect.yaml
+      description: "Read-only architecture and migration design with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    coder:
+      path: ./roles/coder.yaml
+      description: "Scoped implementation in the current project with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    reviewer:
+      path: ./roles/reviewer.yaml
+      description: "Adversarial code review and risk detection with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    security:
+      path: ./roles/security.yaml
+      description: "Security, secret, permission, and trust-boundary review with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    qa:
+      path: ./roles/qa.yaml
+      description: "Run and analyze lint, typecheck, test, and build results with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    tester:
+      path: ./roles/tester.yaml
+      description: "Focused regression and edge-case testing with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    researcher:
+      path: ./roles/researcher.yaml
+      description: "Reference-backed research and external documentation checks with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    integrator:
+      path: ./roles/integrator.yaml
+      description: "Merge coordination and final synthesis with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    aggregator:
+      path: ./roles/aggregator.yaml
+      description: "Parallel-lane result aggregation with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    interviewer:
+      path: ./roles/interviewer.yaml
+      description: "Requirement clarification and acceptance criteria discovery with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    ontology:
+      path: ./roles/ontology.yaml
+      description: "Project graph memory and ontology curation with scoped MCP, skills, and hooks access when enabled by runtime scope"
+    vision-debugger:
+      path: ./roles/vision-debugger.yaml
+      description: "Screenshot and multimodal debugging with scoped MCP, skills, and hooks access when enabled by runtime scope"
+`;
+export const ROLE_YAMLS = {
+    interviewer: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-interviewer
+  system_prompt_args:
+    OMK_ROLE: "interviewer"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    architect: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-architect
+  system_prompt_args:
+    OMK_ROLE: "architect"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    planner: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-planner
+  system_prompt_args:
+    OMK_ROLE: "planner"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    router: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-router
+  system_prompt_args:
+    OMK_ROLE: "router"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    explorer: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-explorer
+  system_prompt_args:
+    OMK_ROLE: "explorer"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    coder: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-coder
+  system_prompt_args:
+    OMK_ROLE: "coder"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+`,
+    reviewer: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-reviewer
+  system_prompt_args:
+    OMK_ROLE: "reviewer"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    security: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-security
+  system_prompt_args:
+    OMK_ROLE: "security"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+`,
+    qa: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-qa
+  system_prompt_args:
+    OMK_ROLE: "qa"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+`,
+    tester: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-tester
+  system_prompt_args:
+    OMK_ROLE: "tester"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+`,
+    integrator: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-integrator
+  system_prompt_args:
+    OMK_ROLE: "integrator"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    aggregator: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-aggregator
+  system_prompt_args:
+    OMK_ROLE: "aggregator"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    researcher: `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-researcher
+  system_prompt_args:
+    OMK_ROLE: "researcher"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    ontology: `version: 1
+agent:
+  extend: ../okabe.yaml
+  name: omk-ontology
+  system_prompt_args:
+    OMK_ROLE: "ontology"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+    - "kimi_cli.tools.shell:Shell"
+`,
+    "vision-debugger": `version: 1
+agent:
+  extend: ../okabe.yaml  # Inherits unrestricted default Kimi tools plus MCP/skills/hooks flags
+  name: omk-vision-debugger
+  system_prompt_args:
+    OMK_ROLE: "vision-debugger"
+    OMK_MCP_ENABLED: "true"
+    OMK_SKILLS_ENABLED: "true"
+    OMK_HOOKS_ENABLED: "true"
+  exclude_tools:
+    - "kimi_cli.tools.file:WriteFile"
+    - "kimi_cli.tools.file:StrReplaceFile"
+`,
+};
+export function getDesignMd(version) {
+    return `---
+title: "Design System"
+description: "Project visual identity and design system"
+version: "${version}"
+---
+# DESIGN.md
+## Overview
+Project visual identity and design system.
+## Colors
+- Primary: #111827
+- Accent: #7C3AED
+- Success: #059669
+- Warning: #D97706
+- Danger: #DC2626
+## Typography
+- Inter, system-ui
+## Rules
+- Use tokens before inventing new values.
+- Keep components compact and status-aware.
+`;
+}
+export const GEMINI_MD = `# GEMINI.md
+@./AGENTS.md
+@./DESIGN.md
+Use AGENTS.md as the canonical project instruction source, including current OMK skills, MCP, agents, and harness policy.
+Use DESIGN.md as the canonical visual identity source.
+Do not duplicate runtime inventories; follow AGENTS.md and \`chat-agent-harness.json\` when present.
+`;
+export const CLAUDE_MD = `# CLAUDE.md
+@./AGENTS.md
+@./DESIGN.md
+Use AGENTS.md as the canonical project instruction source, including current OMK skills, MCP, agents, and harness policy.
+Use DESIGN.md for UI/frontend work.
+Do not duplicate runtime inventories; follow AGENTS.md and \`chat-agent-harness.json\` when present.
+`;
+export const ROADMAP_MD = `# Roadmap
+Current source version: v1.1.18
+Last updated: 2026-05-24
+## Current runtime stance
+OMK is the root orchestrator. Kimi is an authority-capable compatibility provider adapter, not the whole runtime or implicit default. Codex, DeepSeek, OpenCode, CommandCode, OpenRouter, Qwen, Gemini, and Claude run as adapter lanes only when provider health, capability, approval, sandbox, and harness policy match the task.
+- \`omk run\`, \`omk parallel\`, chat harnesses, and DAG replay expose provider routing and evidence-gated lanes.
+- \`omk provider\` / \`omk deepseek\` manage provider enablement, key setup, availability checks, and fallback readiness.
+- DeepSeek is read/review/advisory by default; it must not receive write/shell authority from native chat defaults.
+- The resolved authority provider remains the writer, merger, and final synthesis lane for write/shell/merge work.
+- \`omk graph view\` generates an HTML view from local graph memory.
+- \`omk goal\` has a persisted lifecycle, continue loop, generated plan/evidence criteria, and verification flow.
+## v1.2 — Hardening the current surface
+### P0: native runtime safety hardening
+- Remaining: native chat turn capabilities must be intent-based: read-only by default, write only for edits, shell only for explicit command/build/test work, merge only for merge/release operations.
+- Remaining: \`--execution ask|auto|never\` and sandbox mode must propagate into runtime adapter metadata; provider adapters must not silently collapse ask into never.
+- Remaining: \`authority\`, \`primary\`, and \`omk\` provider policy must resolve to a concrete provider before bootstrap/router execution.
+- Remaining: CLI provider bootstrap must distinguish runtime/binary availability from auth/model/quota readiness.
+- Remaining: MCP, skills, hooks, and tool-plane parse or resolution failures must surface as diagnostics; runtime-required MCP failures should hard fail.
+### P0: release and contract gates
+- Done: YAML validation now runs in local \`verify\` plus CI/smoke workflows.
+- Done: package dry-pack, package audit, tarball smoke, native safety build, and release matrix gates were re-verified against v1.1.17 artifacts.
+- Done: provider/deepseek and screenshot JSON command contracts gained hermetic regression tests.
+- Done: current AGENTS/init templates and packaged workflow skills were aligned with the active skills/MCP/agents/harness surface, including all generated agent MCP/skills/hooks flags and parallel subagent orchestration guidance.
+- Remaining: lock broader provider fallback metadata with tests for rate limit, timeout, and authority fallback variants.
+- Remaining: define minimum machine-readable CLI envelopes for the rest of the automation-critical commands.
+- Remaining: release/tag only after local gates, native safety packaging, package audit, smoke-pack, tarball install smoke, GitHub Smoke Test, and GitHub CI pass on the exact target commit.
+### P1: observability and diagnostics
+- Done: provider route/fallback counts are now emitted in run summaries/reports and summary terminal output.
+- Done: invalid MCP JSON is reported as a visible diagnostic without leaking secret-like config values.
+- Done: \`omk mcp doctor --json\` exposes structured server status, command resolution, timeout, permission, and config-source fields.
+- Expand JSON output for graph, DAG, summary, and workflow commands where CI or agents consume results.
+- Link graph nodes back to runs, goals, providers, and evidence so \`omk graph view\` becomes audit evidence, not only visualization.
+### P2: execution depth and planner quality
+- Deepen \`omk team\` runtime reporting: worker state, pane/session health, artifacts, and verification handoff.
+- Done: replace the \`omk goal plan\` stub with a planner that emits steps, acceptance criteria, risks, and evidence gates.
+- Add provider-quality gates before broader non-primary-provider worker pools.
+- Keep primary-provider execution as the safe fallback path for every run.
+## Later tracks
+### Provider routing maturity
+- Keep the resolved authority provider as the writer, merger, and final synthesis runtime.
+- Use provider hints for explorer, reviewer, QA, planner, and documentation roles only when preflight is healthy and task risk is low.
+- Record provider attempts, route confidence, fallback reason, and final authority in run evidence.
+### Graph and memory maturity
+- Materialize provider routes, fallback events, goals, evidence gates, and run artifacts in the local graph/Kuzu ontology.
+- Keep \`omk graph view\` local-first and safe for private repositories.
+### Historical milestones
+| Version | Focus |
+|---------|-------|
+| v0.1 | init / doctor / chat, P0 skills, AGENTS.md / DESIGN.md generation, quality gate hooks |
+| v0.2 | wire controller, HUD, run state, worker logs |
+| v0.3 | worktree team, merge queue, reviewer / QA / integrator agents |
+| v0.4 | Google DESIGN.md integration, Stitch skills installer, screenshot UI review, Spec Kit planning + DAG execution, agent registry, project index, run summary |
+| v0.5 | MCP project server, plugin pack, CI agent mode |
+| v1.1.6 | provider/deepseek commands, provider policy flags, graph view, goal lifecycle, expanded run history and update JSON |
+| v1.1.9 | chat harness manifest, capability DAG lanes, Rust native safety loader, Windows clipboard screenshot bridge, release native matrix |
+| v1.1.12 | Replay system, skill assigner, decision trace coverage, evidence gates, and repair policy |
+| v1.1.13 | Bundled MCP server entrypoints, ACP/host transport groundwork, deployment-ready package metadata |
+| v1.1.14 | Current harness docs, external-inspired workflow skills, and release-safe public wording |
+| v1.1.15 | Isolated HOME MCP shell-profile hotfix and persistent fetch MCP entrypoint |
+| v1.1.16 | Deterministic IntentFrame/ActionAtom orchestration, chat schema preflight, MCP duplicate policy, agent capability propagation, and doctor/init/pack smoke fixes |
+| v1.1.17 | Full generated-agent MCP/skills/hooks enablement, parallel subagent orchestration emphasis, and v1.1.17 release docs |
+`;
+export const SECURITY_MD = `# Security Policy
+## Reporting Vulnerabilities
+Please report security issues via GitHub Issues with the \`security\` label.
+## Built-in Protections
+open-multi-agent-kit includes scoped default hooks to block destructive commands and secret leakage when the active runtime/harness enables them.
+## Native Runtime Safety Gates
+- Native chat turns should be read-only by default; write, shell, and merge capabilities must be requested only when task intent requires them.
+- \`--execution ask|auto|never\` and sandbox policy must propagate through routing into runtime adapters.
+- \`authority\`, \`primary\`, and \`omk\` provider policies must resolve to a concrete provider before execution.
+- DeepSeek and other advisory providers are read/review/advisory by default and must not silently receive write/shell authority.
+- Provider bootstrap must distinguish binary/runtime availability from auth, model, and quota readiness.
+- Provider failure previews must be gated behind debug mode and redacted before terminal or artifact output.
+- MCP, skills, hooks, and tool-plane parse/resolution failures must surface as diagnostics; runtime-required MCP failures should block execution.
+## MCP and Harness Secret Handling
+- Fresh init writes project-local \`omk-project\` MCP only; user/global MCP and skills are runtime-only unless explicitly imported by a trusted local user.
+- Never print, commit, or summarize MCP \`env\`, headers, tokens, or provider keys.
+- Treat \`chat-agent-harness.json\` as private run metadata: use it for inventory/gates, but do not paste large inventories or secret-like values into prompts, memory, or reports.
+- Prefer sanitized \`omk mcp doctor --json\`, \`omk verify --json\`, test summaries, and secret scans as shareable evidence.
+## Child Runtime Isolation
+OMK currently provides environment hardening for child runtimes.
+By default, child runtimes do not inherit the full parent process environment.
+OMK passes an allowlisted environment and drops common secret-bearing variables
+such as cloud provider credentials, GitHub/NPM tokens, SSH agent sockets,
+Kubernetes config, and dotenv/env-file references.
+This is not a full OS-level sandbox. Filesystem, process, and network isolation
+are future hardening work and must not be assumed unless explicitly provided by
+the selected runtime or host environment.
+Current security claims:
+- OMK prevents ambient secret leakage into child runtimes by default.
+- OMK sanitizes child runtime environments.
+- OMK routes tasks according to declared runtime capabilities.
+- OMK forces approval for write-capable Codex workspace runs.
+- OMK exposes sandbox intent/profile metadata for future enforcement.
+Non-claims:
+- OMK does not fully sandbox child CLIs.
+- OMK does not prevent all filesystem access outside the workspace.
+- OMK does not prevent network exfiltration.
+- OMK does not enforce OS-level process isolation.
+## Best Practices
+- Review hooks before running in production repositories.
+- Use \`--print\` mode only in disposable worktrees.
+- Never commit secrets into agent memory files.
+`;
+export const ROOT_PROMPT_MD = `# open-multi-agent-kit Root Agent
+You are the OMK root orchestrator for open-multi-agent-kit — a provider-neutral orchestration control plane that turns a goal into a bounded coding team.
+Models execute. OMK routes, verifies, measures, and controls.
+You must operate with OMK identity as the authority layer: summon parallel subagents when scopes are independent, assign each lane scoped MCP, skills, and hooks, and keep the root context focused on goal management, integration, evidence, and verification. The active runtime scope, selected provider adapter, and harness policy decide which resources are actually available.
+## Loaded Project Instructions
+\${KIMI_AGENTS_MD}
+## Loaded Skills
+\${KIMI_SKILLS}
+## Global Rules
+- Apply AGENTS.md silently.
+- Do not repeat boilerplate.
+- Use SetTodoList for multi-step tasks.
+- Use Agent tool for non-trivial tasks. All 15 role agents (explorer, planner, router, architect, coder, reviewer, security, qa, tester, researcher, integrator, aggregator, interviewer, ontology, vision-debugger) are available with MCP, skills, and hooks capability flags.
+- Use skills when relevant.
+- Use MCP tools when configured and useful. All subagents inherit scoped MCP server inventory, skills, and hooks when enabled by runtime scope. Do not hesitate to invoke available capabilities.
+- Treat project-local ontology graph memory as mandatory when the omk-project MCP exposes memory tools.
+- Recall relevant project memory before work, write durable findings through omk_write_memory, and use omk_memory_mindmap/omk_graph_query for graph recall.
+- Prefer plan-first execution.
+- Prefer small, reviewable diffs.
+- Verify before completion.
+- Never claim tests passed unless they were run.
+## Active Harness and Resource Inventory
+- If a run contains chat-agent-harness.json, read it for the full MCP/skills/hooks inventory, virtual DAG, authority boundaries, worker limits, and gate list.
+- Treat compact prompt resource counts as summaries only.
+- Default runtime scope is project MCP/skills; all-scope may read user ~/.kimi resources at runtime without copying personal files.
+- Do not paste huge global MCP/skill inventories or secret-bearing env/header values into prompts, memory, or final reports.
+## OMK Context Tools
+- Root and generated role agents inherit an Okabe-compatible base while OMK scopes MCP, skills, and hooks per active runtime/harness policy.
+- Use D-Mail before risky refactors, compaction, or long-running branch points: send a concise future-facing recovery note to the relevant checkpoint.
+- Use OMK-managed subagents for isolated context and parallel work; keep the root context focused on decisions, integration, and verification.
+- Prefer /compact or a D-Mail recovery note over dumping large history back into the prompt.
+## Required Workflow
+For non-trivial tasks:
+1. Read project instructions.
+2. Create todos.
+3. Launch appropriate subagents in parallel when their scopes are independent:
+   - explorer for repository discovery
+   - planner for architecture/refactor/risky work
+   - coder for implementation
+   - reviewer or qa for review and gate analysis
+   - security for secret/permission/trust-boundary review
+   - ontology for graph memory and project knowledge curation
+4. Read relevant skills.
+5. Use MCP if useful.
+6. Implement minimal changes.
+7. Run quality gates.
+8. Review final diff.
+9. Return factual final report.
+## Final Report Format
+\`\`\`txt
+Changed:
+Files:
+Commands:
+Result:
+Risk:
+\`\`\`
+`;
+export const HOOK_SCRIPTS = {
+    "session-context.sh": `#!/usr/bin/env bash
+# OMK SessionStart Context — keeps high-value local workflows visible
+set -euo pipefail
+if ! command -v node &>/dev/null; then
+  echo '{"hookSpecificOutput":{"hookEventName":"SessionStart","additionalContext":"OMK session started. Read project rules, use graph-view for memory relationships, use open-design for localhost design, and verify before final."}}'
+  exit 0
+fi
+node <<'NODE'
+const context = [
+  'OMK session startup context.',
+  '- Read AGENTS.md and .kimi/AGENTS.md before edits; read DESIGN.md before UI/frontend/visual work.',
+  '- For local design iteration, use /open-design or omk design open-design --open to launch localhost.',
+  '- For memory/risk/file relationships, use /graph-view or omk graph view --open before broad repo edits.',
+  '- Treat release, push, publish, and deployment as not done unless the exact command ran and fresh evidence was collected.',
+  '- Final reports should list changed files, commands run, pass/fail/not-run status, and remaining risk.',
+].join('\\n');
+process.stdout.write(JSON.stringify({
+  hookSpecificOutput: {
+    hookEventName: 'SessionStart',
+    additionalContext: context,
+  },
+}) + '\\n');
+NODE
+`,
+    "awesome-agent-skills-router.sh": `#!/usr/bin/env bash
+# Awesome Agent Skills Router — curated OMK hints from VoltAgent/awesome-agent-skills
+set -euo pipefail
+# This hook is advisory only: no network access, no third-party skill install,
+# and no prompt blocking. It maps common awesome-agent-skills domains to the
+# already-installed OMK skills/workflows that are safe to consider.
+if ! command -v node &>/dev/null; then
+  exit 0
+fi
+INPUT_FILE="$(mktemp)"
+trap 'rm -f "$INPUT_FILE"' EXIT
+cat > "$INPUT_FILE"
+node - "$INPUT_FILE" <<'NODE'
+const fs = require('node:fs');
+// Static slash markers for non-shell smoke validation:
+// /open-design /awesome-design-md /omk-design-md /omk-quality-gate /graph-view /omk-kimi-runtime
+function readPayload(filePath) {
+  try {
+    const raw = fs.readFileSync(filePath, 'utf8').trim();
+    if (!raw) return {};
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function textFrom(value) {
+  if (typeof value === 'string') return value;
+  if (Array.isArray(value)) {
+    return value.map(textFrom).filter(Boolean).join('\\n');
+  }
+  if (value && typeof value === 'object') {
+    for (const key of ['prompt', 'user_prompt', 'message', 'input', 'text', 'content', 'command_args']) {
+      const found = textFrom(value[key]);
+      if (found) return found;
+    }
+  }
+  return '';
+}
+const payload = readPayload(process.argv[2]);
+const prompt = textFrom(payload.prompt)
+  || textFrom(payload.user_prompt)
+  || textFrom(payload.message)
+  || textFrom(payload.input)
+  || textFrom(payload.command_args)
+  || textFrom(payload.tool_input)
+  || textFrom(payload);
+const normalized = prompt.toLowerCase();
+if (normalized.trim().length < 3) {
+  process.exit(0);
+}
+const routes = [
+  {
+    id: 'design-ui',
+    patterns: [
+      'design', 'ui', 'ux', 'frontend', 'front-end', 'figma', 'stitch', 'open-design',
+      'prototype', 'landing', 'component', 'visual', 'screenshot', 'responsive', 'accessibility',
+      'react', 'next.js', 'vite', 'expo', 'react native',
+      '디자인', '화면', '프론트', '랜딩', '컴포넌트', '시각', '스크린샷', '반응형', '접근성', '프로토타입',
+    ],
+    skills: ['open-design', 'awesome-design-md', 'omk-design-md', 'omk-flow-design-to-code', 'omk-multimodal-ui-review', 'react-doctor'],
+    note: 'For visual work, read DESIGN.md, reuse tokens, use awesome-design-md references when a named style is requested, and launch localhost with omk design open-design when interactive design is useful.',
+  },
+  {
+    id: 'bugfix-debug',
+    patterns: [
+      'bug', 'error', 'failed', 'failure', 'traceback', 'exception', 'fix', 'regression', 'broken', 'debug',
+      '버그', '에러', '오류', '실패', '고쳐', '수정', '안됨', '안돼', '문제', '디버그',
+    ],
+    skills: ['omk-flow-bugfix', 'andrej-karpathy-skills', 'matt-pocock-skills', 'omk-quality-gate'],
+    note: 'For failures, isolate root cause first, keep the patch small, and rerun the failing command plus the quality gate.',
+  },
+  {
+    id: 'feature-build',
+    patterns: [
+      'implement', 'build', 'add ', 'create', 'scaffold', 'generate', 'feature', 'new command',
+      '구현', '추가', '만들', '생성', '기능', '신규',
+    ],
+    skills: ['omk-plan-first', 'omk-flow-feature-dev', 'matt-pocock-skills', 'andrej-karpathy-skills', 'omk-quality-gate'],
+    note: 'For new capability work, plan the smallest reversible diff and include regression coverage before completion.',
+  },
+  {
+    id: 'review-security',
+    patterns: [
+      'review', 'audit', 'security', 'vulnerability', 'secret', 'token', 'auth', 'permission', 'xss', 'sql injection', 'ssrf',
+      '리뷰', '검토', '보안', '취약', '시크릿', '토큰', '인증', '권한',
+    ],
+    skills: ['omk-code-review', 'omk-quality-gate'],
+    note: 'For security-sensitive work, do not print secrets, review trust boundaries, and run the project secret scan when available.',
+  },
+  {
+    id: 'release-git',
+    patterns: [
+      'release', 'publish', 'npm', 'version', 'changelog', 'commit', 'pull request', ' pr ', 'pr로', 'push', 'tag',
+      '배포', '릴리즈', '버전', '변경로그', '커밋', '푸시',
+    ],
+    skills: ['omk-flow-release', 'omk-flow-pr-review', 'omk-quality-gate'],
+    note: 'For release or PR work, verify build/test/package evidence before reporting publish or PR readiness.',
+  },
+  {
+    id: 'spec-planning',
+    patterns: [
+      'spec', 'prd', 'requirements', 'acceptance', 'tasks', 'speckit', 'plan', 'architecture',
+      '명세', '요구사항', '수락기준', '계획', '아키텍처',
+    ],
+    skills: ['omk-plan-first', 'speckit-specify', 'speckit-plan', 'speckit-tasks'],
+    note: 'For specification work, produce acceptance criteria and a test shape before implementation.',
+  },
+  {
+    id: 'refactor-cleanup',
+    patterns: [
+      'refactor', 'cleanup', 'simplify', 'deslop', 'debt', 'migration',
+      '리팩토', '정리', '단순화', '마이그레이션',
+    ],
+    skills: ['omk-flow-refactor', 'andrej-karpathy-skills', 'matt-pocock-skills', 'omk-quality-gate'],
+    note: 'For refactors, preserve behavior with tests first and avoid unrelated rewrites.',
+  },
+  {
+    id: 'ontology-graph',
+    patterns: [
+      'ontology', 'graph', 'graph-view', 'node', 'nodes', 'edge', 'edges', 'relationship',
+      'memory graph', 'risk map', 'decision graph', 'trace map',
+      '온톨로지', '그래프', '노드', '엣지', '관계', '메모리 그래프', '리스크맵', '결정 그래프',
+    ],
+    skills: ['graph-view', 'omk-kimi-runtime', 'omk-quality-gate'],
+    note: 'For graph or memory-relationship work, inspect .omk/memory/graph-state.json with omk graph view --open or /graph-view before changing code.',
+  },
+  {
+    id: 'agent-orchestration',
+    patterns: [
+      'agent', 'subagent', 'multi-agent', 'orchestration', 'workflow', 'mcp', 'hook', 'hooks', 'skill', 'skills', 'memory',
+      '에이전트', '서브에이전트', '워크플로', '훅', '스킬', '메모리',
+    ],
+    skills: ['omk-task-router', 'omk-project-rules', 'omk-kimi-runtime', 'omk-flow-team-run', 'agentmemory', 'multica', 'andrej-karpathy-skills'],
+    note: 'For agent or hook work, keep routing advisory, avoid installing unreviewed external skills, and verify generated config locally.',
+  },
+  {
+    id: 'tests-quality',
+    patterns: [
+      'test', 'tests', 'qa', 'quality', 'lint', 'typecheck', 'playwright', 'e2e', 'coverage',
+      '테스트', '검증', '품질', '타입체크', '커버리지',
+    ],
+    skills: ['omk-quality-gate'],
+    note: 'For validation requests, run the actual project scripts and report exact pass/fail evidence.',
+  },
+  {
+    id: 'docs-research',
+    patterns: [
+      'docs', 'documentation', 'readme', 'research', 'verify', 'official docs', 'look up',
+      '문서', '조사', '검증', '검색', '찾아',
+    ],
+    skills: ['omk-plan-first', 'omk-quality-gate'],
+    note: 'For docs or external references, prefer official/current sources and cite or record what was verified.',
+  },
+];
+const matched = routes.filter((route) => route.patterns.some((pattern) => normalized.includes(pattern)));
+if (matched.length === 0) {
+  process.exit(0);
+}
+const skills = [];
+for (const route of matched) {
+  for (const skill of route.skills) {
+    if (!skills.includes(skill)) skills.push(skill);
+  }
+}
+if (!skills.includes('omk-quality-gate')) {
+  skills.push('omk-quality-gate');
+}
+const context = [
+  'OMK awesome-agent-skills routing hint (curated from VoltAgent/awesome-agent-skills; advisory only).',
+  'Matched domains: ' + matched.map((route) => route.id).join(', '),
+  'Prefer installed OMK skills/workflows: ' + skills.map((skill) => '/' + skill).join(', '),
+  'Do not auto-install third-party skills from awesome-agent-skills. Review source, license, and security before adoption.',
+  ...matched.slice(0, 4).map((route) => route.note),
+].join('\\n');
+process.stdout.write(JSON.stringify({
+  hookSpecificOutput: {
+    hookEventName: 'UserPromptSubmit',
+    additionalContext: context,
+  },
+}) + '\\n');
+NODE
+`,
+    "precompact-checkpoint.sh": `#!/usr/bin/env bash
+# OMK PreCompact Checkpoint — compact without losing recovery state
+set -euo pipefail
+if ! command -v node &>/dev/null; then
+  echo '{"hookSpecificOutput":{"hookEventName":"PreCompact","additionalContext":"Before compaction: record goal, changed files, verification state, blockers, and next action. Never store secrets."}}'
+  exit 0
+fi
+node <<'NODE'
+const context = [
+  'OMK pre-compaction checkpoint.',
+  '- Preserve current goal, changed files, verification state, blockers, and intended next action.',
+  '- If available, write concise notes to .omx/notepad.md or project-local memory; never store secrets.',
+  '- After compaction, refresh from the checkpoint before editing or claiming completion.',
+].join('\\n');
+process.stdout.write(JSON.stringify({
+  hookSpecificOutput: {
+    hookEventName: 'PreCompact',
+    additionalContext: context,
+  },
+}) + '\\n');
+NODE
+`,
+    "subagent-stop-audit.sh": `#!/usr/bin/env bash
+# OMK SubagentStop Audit — leader must verify delegated work
+set -euo pipefail
+HOOK_INPUT="$(cat || true)"
+if ! command -v node &>/dev/null; then
+  exit 0
+fi
+OMK_HOOK_INPUT="$HOOK_INPUT" \\
+node <<'NODE'
+const inputText = process.env.OMK_HOOK_INPUT || '';
+let input = {};
+try {
+  input = inputText.trim() ? JSON.parse(inputText) : {};
+} catch (error) {
+  console.error('[subagent-stop-audit] invalid stdin JSON: ' + String(error));
+  process.exit(0);
+}
+if (input.stop_hook_active === true) {
+  process.exit(0);
+}
+const context = [
+  'OMK subagent completion audit.',
+  '- Do not claim success from a subagent report alone.',
+  '- Review the concrete files changed, reconcile conflicts, and keep unrelated user edits intact.',
+  '- Run the relevant quality gates locally and report pass/fail/not-run evidence.',
+].join('\\n');
+process.stdout.write(JSON.stringify({
+  systemMessage: context,
+}) + '\\n');
+NODE
+`,
+    "branch-diff-snapshot.sh": `#!/usr/bin/env bash
+# OMK Branch Diff Snapshot — records merge-review metadata without full diff contents
+set +e
+SNAP_DIR=".omk/runs/_branch-snapshots"
+mkdir -p "$SNAP_DIR" >/dev/null 2>&1
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+  echo '{"hookSpecificOutput":{"hookEventName":"SubagentStop","additionalContext":"Branch diff snapshot skipped: not inside a git worktree."}}'
+  exit 0
+fi
+branch="$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo unknown)"
+commit="$(git rev-parse --short HEAD 2>/dev/null || echo unknown)"
+safe_branch="$(printf '%s' "$branch" | tr -c 'A-Za-z0-9._-' '-')"
+stamp="$(date -u +%Y%m%dT%H%M%SZ)"
+snapshot="$SNAP_DIR/$stamp-$safe_branch.md"
+{
+  echo "# OMK branch diff snapshot"
+  echo
+  echo "- branch: $branch"
+  echo "- commit: $commit"
+  echo "- captured_at: $stamp"
+  echo
+  echo "## Status"
+  git status --short 2>/dev/null || true
+  echo
+  echo "## Diff stat"
+  git diff --stat 2>/dev/null || true
+  echo
+  echo "## Changed files"
+  git diff --name-only 2>/dev/null || true
+} > "$snapshot"
+printf '{"hookSpecificOutput":{"hookEventName":"SubagentStop","additionalContext":"Branch diff snapshot saved: %s"}}\\n' "$snapshot"
+`,
+    "pre-shell-guard.sh": `#!/usr/bin/env bash
+# PreShellUse Guard — blocks dangerous commands
+set -e
+# Close security gate if jq/python3 is missing (deny by default)
+if command -v python3 &>/dev/null; then
+  PY=python3
+elif command -v python &>/dev/null; then
+  PY=python
+else
+  echo '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"python3 not installed — pre-shell-guard cannot validate commands"}}'
+  exit 0
+fi
+INPUT=$(cat)
+DESTRUCTIVE_DECISION=$(INPUT_JSON="$INPUT" "$PY" <<'PY'
+import json
+import os
+import posixpath
+import shlex
+def decision(reason):
+    print(json.dumps({"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":reason}}, separators=(",", ":")))
+def as_tokens(value):
+    if isinstance(value, list):
+        return [str(item) for item in value]
+    if isinstance(value, str) and value.strip():
+        return shlex.split(value, comments=True, posix=True)
+    return []
+def expand_shell_wrappers(root_tokens):
+    result = []
+    queue = [root_tokens]
+    while queue and len(result) < 8:
+        current = queue.pop(0)
+        result.append(current)
+        for idx, token in enumerate(current):
+            if posixpath.basename(token) not in {"bash", "sh", "zsh", "dash"}:
+                continue
+            j = idx + 1
+            while j < len(current):
+                opt = current[j]
+                if opt == "--":
+                    j += 1
+                    break
+                if opt in {"-c", "-lc"} or (opt.startswith("-") and not opt.startswith("--") and "c" in opt):
+                    if j + 1 < len(current):
+                        queue.append(as_tokens(current[j + 1]))
+                    break
+                if opt.startswith("-"):
+                    j += 1
+                    continue
+                break
+    return result
+def flag_letters(token):
+    if token.startswith("--"):
+        return set()
+    if token.startswith("-"):
+        return set(token[1:])
+    return set()
+def has_rm_rf(tokens, index):
+    letters = set()
+    for token in tokens[index + 1:]:
+        letters.update(flag_letters(token))
+        if not token.startswith("-"):
+            break
+    return "r" in letters and "f" in letters
+def rm_rf_targets_catastrophic(tokens, index):
+    if not has_rm_rf(tokens, index):
+        return False
+    targets = []
+    for token in tokens[index + 1:]:
+        if token == "--" or token.startswith("-"):
+            continue
+        targets.append(token)
+    return any(target in {"/", "~", "$HOME"} or target.startswith("/*") or target.startswith("/dev/") for target in targets)
+def has_git_clean_danger(tokens, index):
+    rest = tokens[index + 1:]
+    if "clean" not in rest:
+        return False
+    clean_index = rest.index("clean") + index + 1
+    letters = set()
+    for token in tokens[clean_index + 1:]:
+        letters.update(flag_letters(token))
+    return {"f", "d", "x"}.issubset(letters)
+def has_pipe_to_shell(tokens):
+    shell_names = {"bash", "sh", "zsh", "dash"}
+    downloaders = {"curl", "wget"}
+    for idx, token in enumerate(tokens):
+        if token != "|":
+            continue
+        left = {posixpath.basename(item) for item in tokens[:idx]}
+        right = {posixpath.basename(item) for item in tokens[idx + 1:]}
+        if left & downloaders and right & shell_names:
+            return True
+    return False
+def is_destructive(tokens):
+    # Low-friction benchmark/SWE mode: only stop machine-destroying operations.
+    # Package managers, git clean, chmod, docker, kubectl, sudo, and pipe-to-shell
+    # are allowed so normal coding agents do not stall on broad heuristics.
+    normalized = [str(token) for token in tokens]
+    for idx, token in enumerate(normalized):
+        exe = posixpath.basename(token)
+        if exe == "rm" and rm_rf_targets_catastrophic(normalized, idx):
+            return True
+        if exe.startswith("mkfs"):
+            return True
+        if exe == "dd" and any(arg.startswith("of=/dev/") for arg in normalized[idx + 1:]):
+            return True
+    return False
+try:
+    data = json.loads(os.environ.get("INPUT_JSON", "{}"))
+    tool_input = data.get("tool_input", {})
+    tokens = as_tokens(tool_input.get("command", "")) + as_tokens(tool_input.get("args", ""))
+    for expanded in expand_shell_wrappers(tokens):
+        if is_destructive(expanded):
+            decision("Potentially destructive command blocked by pre-shell-guard")
+            break
+except Exception:
+    # If token parsing fails on complex shell/heredoc syntax, fall through to the
+    # literal block list and release guard instead of blocking benign coding work.
+    pass
+PY
+)
+if [ -n "$DESTRUCTIVE_DECISION" ]; then
+  echo "$DESTRUCTIVE_DECISION"
+  exit 0
+fi
+COMMAND=$(echo "$INPUT" | $PY -c 'import sys,json; d=json.load(sys.stdin); print(d.get("tool_input",{}).get("command",""))')
+ARGS=$(echo "$INPUT" | $PY -c 'import sys,json; d=json.load(sys.stdin); print(d.get("tool_input",{}).get("args",""))')
+FULL="$COMMAND $ARGS"
+# Block list
+BLOCKED=(
+  "rm -rf /"
+  "rm -fr /"
+  "rm -rf /*"
+  "rm -fr /*"
+  "rm -rf ~"
+  "rm -fr ~"
+  "mkfs"
+  "of=/dev/"
+  "> /dev/"
+  ":(){ :|:& };:"
+)
+for pattern in "\${BLOCKED[@]}"; do
+  if [[ "$FULL" == *"$pattern"* ]]; then
+    echo '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"Potentially destructive command blocked by pre-shell-guard"}}'
+    exit 0
+  fi
+done
+# Release/deploy guard. These commands are not destructive like rm -rf, but
+# they can publish external state. Parse tokens so common option/shell-wrapper
+# variants cannot bypass the guard.
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+INPUT_JSON="$INPUT" SCRIPT_DIR="$SCRIPT_DIR" "$PY" <<'PY'
+import json
+import os
+import posixpath
+import shlex
+import sys
+def respond(permission, reason=None):
+    payload = {"hookSpecificOutput": {"hookEventName": "PreToolUse", "permissionDecision": permission}}
+    if reason:
+        payload["hookSpecificOutput"]["permissionDecisionReason"] = reason
+    print(json.dumps(payload, separators=(",", ":")))
+    sys.exit(0)
+def as_tokens(value):
+    if isinstance(value, list):
+        return [str(item) for item in value]
+    if isinstance(value, str) and value.strip():
+        return shlex.split(value, comments=True, posix=True)
+    return []
+def expand_shell_wrappers(root_tokens):
+    result = []
+    queue = [root_tokens]
+    while queue and len(result) < 8:
+        current = queue.pop(0)
+        result.append(current)
+        for idx, token in enumerate(current):
+            if posixpath.basename(token) not in {"bash", "sh", "zsh", "dash"}:
+                continue
+            j = idx + 1
+            while j < len(current):
+                opt = current[j]
+                if opt == "--":
+                    j += 1
+                    break
+                if opt in {"-c", "-lc"} or (opt.startswith("-") and not opt.startswith("--") and "c" in opt):
+                    if j + 1 < len(current):
+                        try:
+                            queue.append(as_tokens(current[j + 1]))
+                        except ValueError as exc:
+                            respond("deny", f"Unable to parse shell-wrapped release/deploy command safely: {exc}")
+                    break
+                if opt.startswith("-"):
+                    j += 1
+                    continue
+                break
+    return result
+def skip_flags(tokens, index):
+    value_flags = {
+        "-C", "-c", "--config-env", "--git-dir", "--work-tree", "--namespace",
+        "--registry", "--userconfig", "--prefix", "--cache", "--filter", "--workspace",
+        "--cwd", "--repo", "-R", "--ref", "--field", "-f", "--json", "--jq",
+    }
+    i = index
+    while i < len(tokens):
+        token = tokens[i]
+        if token == "--":
+            return i + 1
+        if token in value_flags and i + 1 < len(tokens):
+            i += 2
+            continue
+        if any(token.startswith(prefix + "=") for prefix in value_flags if prefix.startswith("--")):
+            i += 1
+            continue
+        if token.startswith("-"):
+            i += 1
+            continue
+        return i
+    return i
+def is_release_command(tokens):
+    i = 0
+    while i < len(tokens):
+        exe = posixpath.basename(tokens[i])
+        if exe == "git":
+            command_index = skip_flags(tokens, i + 1)
+            if command_index < len(tokens) and tokens[command_index] == "push":
+                return True
+            i = max(command_index + 1, i + 1)
+            continue
+        if exe == "npm":
+            command_index = skip_flags(tokens, i + 1)
+            if command_index < len(tokens) and tokens[command_index] in {"publish", "version"}:
+                return True
+            i = max(command_index + 1, i + 1)
+            continue
+        if exe == "pnpm":
+            command_index = skip_flags(tokens, i + 1)
+            if command_index < len(tokens) and tokens[command_index] == "publish":
+                return True
+            i = max(command_index + 1, i + 1)
+            continue
+        if exe == "yarn":
+            command_index = skip_flags(tokens, i + 1)
+            if command_index < len(tokens) and tokens[command_index] == "publish":
+                return True
+            if command_index + 1 < len(tokens) and tokens[command_index] == "npm" and tokens[command_index + 1] == "publish":
+                return True
+            i = max(command_index + 1, i + 1)
+            continue
+        if exe == "gh":
+            command_index = skip_flags(tokens, i + 1)
+            if command_index + 1 < len(tokens):
+                pair = (tokens[command_index], tokens[command_index + 1])
+                if pair in {("release", "create"), ("workflow", "run")}:
+                    return True
+            i += 1
+            continue
+        i += 1
+    return False
+tool_input = {}
+try:
+    data = json.loads(os.environ.get("INPUT_JSON", "{}"))
+    tool_input = data.get("tool_input", {})
+    tokens = as_tokens(tool_input.get("command", "")) + as_tokens(tool_input.get("args", ""))
+except Exception as exc:
+    raw_command = str(tool_input.get("command", "")) if isinstance(tool_input, dict) else ""
+    raw_args = str(tool_input.get("args", "")) if isinstance(tool_input, dict) else ""
+    raw_full = f"{raw_command} {raw_args}"
+    release_markers = ("git push", "npm publish", "npm version", "pnpm publish", "yarn publish", "yarn npm publish", "gh release create", "gh workflow run")
+    if any(marker in raw_full for marker in release_markers):
+        respond("deny", f"Unable to parse release/deploy command safely: {exc}")
+    respond("allow")
+if os.environ.get("OMK_ALLOW_RELEASE") == "1":
+    respond("allow")
+# File-based override for environments where env vars don't propagate to hooks
+allow_release_path = os.path.join(os.environ.get("SCRIPT_DIR", ""), ".allow-release")
+if os.path.exists(allow_release_path):
+    respond("allow")
+for expanded in expand_shell_wrappers(tokens):
+    if is_release_command(expanded):
+        respond("deny", "Release/deploy command blocked by OMK release guard. Re-run with OMK_ALLOW_RELEASE=1 only after an explicit user request and fresh verification evidence.")
+respond("allow")
+PY
+`,
+    "worktree-create-guard.sh": `#!/usr/bin/env bash
+# OMK Worktree Create Guard — keeps worker lanes under .omk/worktrees by default
+set -e
+if command -v python3 &>/dev/null; then
+  PY=python3
+elif command -v python &>/dev/null; then
+  PY=python
+else
+  echo '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"python3 not installed — worktree-create-guard cannot validate commands"}}'
+  exit 0
+fi
+INPUT=$(cat)
+INPUT_JSON="$INPUT" "$PY" <<'PY'
+import json
+import os
+import posixpath
+import shlex
+import sys
+def respond(permission, reason=None):
+    payload = {"hookSpecificOutput": {"hookEventName": "PreToolUse", "permissionDecision": permission}}
+    if reason:
+        payload["hookSpecificOutput"]["permissionDecisionReason"] = reason
+    print(json.dumps(payload, separators=(",", ":")))
+    sys.exit(0)
+def as_tokens(value):
+    if isinstance(value, list):
+        return [str(item) for item in value]
+    if isinstance(value, str) and value.strip():
+        return shlex.split(value, comments=True, posix=True)
+    return []
+try:
+    data = json.loads(os.environ.get("INPUT_JSON", "{}"))
+except Exception:
+    respond("allow")
+tool_input = data.get("tool_input", {})
+raw_full = f"{tool_input.get('command', '')} {tool_input.get('args', '')}"
+try:
+    initial_tokens = as_tokens(tool_input.get("command", "")) + as_tokens(tool_input.get("args", ""))
+except ValueError as exc:
+    if "git" in raw_full and "worktree" in raw_full:
+        respond("deny", f"Unable to parse git worktree command safely: {exc}")
+    respond("allow")
+def canonical_path(path):
+    return os.path.realpath(os.path.abspath(path))
+def resolve_path(path_arg, base_dir):
+    return canonical_path(path_arg if os.path.isabs(path_arg) else os.path.join(base_dir, path_arg))
+project_root = canonical_path(os.environ.get("OMK_PROJECT_ROOT") or os.getcwd())
+allowed_root = canonical_path(os.path.join(project_root, ".omk", "worktrees"))
+options_with_values = {
+    "-C", "-c", "--git-dir", "--work-tree", "--namespace", "--config-env",
+    "-b", "-B", "--reason", "--lock", "--orphan",
+}
+def path_within_allowed(path_arg, base_dir):
+    base = canonical_path(base_dir)
+    actual = resolve_path(path_arg, base)
+    try:
+        return os.path.commonpath([allowed_root, actual]) == allowed_root
+    except ValueError:
+        return False
+def skip_git_globals(index):
+    base_dir = canonical_path(os.getcwd())
+    i = index
+    while i < len(tokens):
+        token = tokens[i]
+        if token == "-C" and i + 1 < len(tokens):
+            next_dir = tokens[i + 1]
+            base_dir = resolve_path(next_dir, base_dir)
+            i += 2
+        elif token.startswith("-C") and len(token) > 2:
+            next_dir = token[2:]
+            base_dir = resolve_path(next_dir, base_dir)
+            i += 1
+        elif token in {"-c", "--git-dir", "--work-tree", "--namespace", "--config-env"} and i + 1 < len(tokens):
+            i += 2
+        elif token.startswith(("--git-dir=", "--work-tree=", "--namespace=", "--config-env=")):
+            i += 1
+        elif token == "--":
+            i += 1
+            break
+        elif token.startswith("-"):
+            i += 1
+        else:
+            break
+    return i, base_dir
+def find_worktree_path(index):
+    i = index
+    while i < len(tokens):
+        token = tokens[i]
+        if token == "--":
+            i += 1
+            break
+        if token in options_with_values and i + 1 < len(tokens):
+            i += 2
+            continue
+        if any(token.startswith(prefix) for prefix in ("--reason=", "--orphan=")):
+            i += 1
+            continue
+        if token.startswith("-"):
+            i += 1
+            continue
+        return token
+    return tokens[i] if i < len(tokens) else None
+def expand_shell_wrappers(root_tokens):
+    result = []
+    queue = [root_tokens]
+    while queue and len(result) < 8:
+        current = queue.pop(0)
+        result.append(current)
+        for idx, token in enumerate(current):
+            if posixpath.basename(token) not in {"bash", "sh", "zsh", "dash"}:
+                continue
+            j = idx + 1
+            while j < len(current):
+                opt = current[j]
+                if opt == "--":
+                    j += 1
+                    break
+                if opt in {"-c", "-lc"} or (opt.startswith("-") and not opt.startswith("--") and "c" in opt):
+                    if j + 1 < len(current):
+                        try:
+                            queue.append(as_tokens(current[j + 1]))
+                        except ValueError as exc:
+                            if "git" in current[j + 1] and "worktree" in current[j + 1]:
+                                respond("deny", f"Unable to parse shell-wrapped git worktree command safely: {exc}")
+                    break
+                if opt.startswith("-"):
+                    j += 1
+                    continue
+                break
+    return result
+for tokens in expand_shell_wrappers(initial_tokens):
+    i = 0
+    while i < len(tokens):
+        if posixpath.basename(tokens[i]) != "git":
+            i += 1
+            continue
+        command_index, base_dir = skip_git_globals(i + 1)
+        if command_index + 1 >= len(tokens) or tokens[command_index] != "worktree":
+            i += 1
+            continue
+        action = tokens[command_index + 1]
+        if action in {"remove", "prune"} and os.environ.get("OMK_ALLOW_WORKTREE_DELETE") != "1":
+            respond("deny", "Worktree delete/prune blocked unless OMK_ALLOW_WORKTREE_DELETE=1 is set after review.")
+        if action == "add" and os.environ.get("OMK_ALLOW_EXTERNAL_WORKTREE") != "1":
+            path_arg = find_worktree_path(command_index + 2)
+            if not path_arg or not path_within_allowed(path_arg, base_dir):
+                respond("deny", "Worktree lanes must be created under .omk/worktrees/ unless OMK_ALLOW_EXTERNAL_WORKTREE=1 is set.")
+        i = command_index + 2
+respond("allow")
+PY
+`,
+    "protect-secrets.sh": `#!/usr/bin/env bash
+# Secret/environment variable protection
+set -e
+# Close security gate if jq/python3 is missing (deny by default)
+if command -v python3 &>/dev/null; then
+  PY=python3
+elif command -v python &>/dev/null; then
+  PY=python
+else
+  echo '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"python3 not installed — protect-secrets cannot validate files"}}'
+  exit 0
+fi
+INPUT=$(cat)
+OMK_HOOK_INPUT="$INPUT" "$PY" - <<'PY'
+import json
+import os
+import re
+def respond(decision, reason=None):
+    payload = {"hookSpecificOutput": {"hookEventName": "PreToolUse", "permissionDecision": decision}}
+    if reason:
+        payload["hookSpecificOutput"]["permissionDecisionReason"] = reason
+    print(json.dumps(payload, separators=(",", ":")))
+try:
+    data = json.loads(os.environ.get("OMK_HOOK_INPUT", "{}") or "{}")
+except Exception:
+    respond("deny", "Invalid hook input")
+    raise SystemExit(0)
+tool_input = data.get("tool_input", {})
+if not isinstance(tool_input, dict):
+    respond("allow")
+    raise SystemExit(0)
+def walk(value, key=""):
+    if isinstance(value, str):
+        yield key, value
+    elif isinstance(value, dict):
+        for child_key, child_value in value.items():
+            yield from walk(child_value, str(child_key))
+    elif isinstance(value, list):
+        for child_value in value:
+            yield from walk(child_value, key)
+SENSITIVE_PATHS = (".env", ".pem", ".key", "id_rsa", "id_ed25519", "credentials", "service-account", ".p12", ".pfx", ".keystore", ".pi", "auth.json", "oauth.json", "tokens.json", "session.json")
+HIGH_CONFIDENCE_PATTERNS = (
+    re.compile(r"(?:ghp_[A-Za-z0-9_]{20,}|github_pat_[A-Za-z0-9_]{20,}|glpat-[A-Za-z0-9_-]{20,}|npm_[A-Za-z0-9_-]{30,}|pypi[-_][A-Za-z0-9_-]{30,}|sk-[A-Za-z0-9_-]{20,})", re.IGNORECASE),
+    re.compile(r"(?:AKIA|ASIA)[0-9A-Z]{16}"),
+    re.compile(r"BEGIN [A-Z ]*PRIVATE KEY"),
+    re.compile(r"(?:ssh-rsa|ssh-ed25519)\\s+[A-Za-z0-9+/=]{40,}"),
+    re.compile(r"\\bBearer\\s+[A-Za-z0-9._~+/-]{16,}", re.IGNORECASE),
+)
+ASSIGNMENT_PATTERN = re.compile(r"""\\b(?:password|secret|api[_-]?key|token|access[_-]?token|refresh[_-]?token|session[_-]?token|oauth|authorization|private[_-]?key|aws[_-]?access[_-]?key[_-]?id|aws[_-]?secret[_-]?access[_-]?key)\\b['"]?\\s*[:=]\\s*['"]?[A-Za-z0-9_./+=@:-]{12,}""", re.IGNORECASE)
+SCAN_VALUE_KEYS = ("content", "text", "string", "newtext", "oldtext", "input", "value", "body", "data")
+SKIP_ASSIGNMENT_KEYS = ("path", "file", "command", "args", "name")
+def should_scan_assignment(key):
+    key_lower = key.lower()
+    if any(marker in key_lower for marker in SKIP_ASSIGNMENT_KEYS):
+        return False
+    return key_lower == "" or any(marker in key_lower for marker in SCAN_VALUE_KEYS)
+for key, value in walk(tool_input):
+    key_lower = key.lower()
+    if ("path" in key_lower or "file" in key_lower) and any(marker in value for marker in SENSITIVE_PATHS):
+        respond("deny", "Direct modification of sensitive file blocked")
+        raise SystemExit(0)
+for key, value in walk(tool_input):
+    if should_scan_assignment(key) and any(pattern.search(value) for pattern in HIGH_CONFIDENCE_PATTERNS):
+        respond("deny", "High-confidence credential value detected")
+        raise SystemExit(0)
+for key, value in walk(tool_input):
+    if should_scan_assignment(key) and ASSIGNMENT_PATTERN.search(value):
+        respond("deny", "High-confidence credential assignment detected")
+        raise SystemExit(0)
+respond("allow")
+PY
+`,
+    "post-format.sh": `#!/usr/bin/env bash
+# Auto-format after save (single file target)
+set -e
+if command -v python3 &>/dev/null; then
+  PY=python3
+elif command -v python &>/dev/null; then
+  PY=python
+else
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+INPUT=$(cat)
+FILEPATH=$(echo "$INPUT" | $PY -c 'import sys,json; d=json.load(sys.stdin); print(d.get("tool_input",{}).get("file_path",""))')
+if [ -z "$FILEPATH" ]; then
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+# Detect project root and run formatter (target file only)
+if [ -f "package.json" ] && [ -f "$FILEPATH" ]; then
+  npx prettier --write "$FILEPATH" >/dev/null 2>&1 || true
+fi
+if [ -f "Cargo.toml" ] && [ -f "$FILEPATH" ]; then
+  rustfmt "$FILEPATH" >/dev/null 2>&1 || true
+fi
+echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+`,
+    "typecheck-after-edit.sh": `#!/usr/bin/env bash
+# TypeScript product preset: run project typecheck after TS edits when available.
+set +e
+if command -v python3 &>/dev/null; then
+  PY=python3
+elif command -v python &>/dev/null; then
+  PY=python
+else
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+INPUT=$(cat)
+FILEPATH=$(echo "$INPUT" | $PY -c 'import sys,json; d=json.load(sys.stdin); print(d.get("tool_input",{}).get("file_path",""))')
+case "$FILEPATH" in
+  *.ts|*.tsx|*.mts|*.cts) ;;
+  *) echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'; exit 0 ;;
+esac
+if [ ! -f "package.json" ] || ! command -v npm &>/dev/null; then
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+node -e "const p=require('./package.json'); process.exit(p.scripts && p.scripts.check ? 0 : 1)" >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+TMP=$(mktemp)
+npm run check >"$TMP" 2>&1
+STATUS=$?
+if [ $STATUS -eq 0 ]; then
+  rm -f "$TMP"
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+tail -n 40 "$TMP" | $PY -c 'import json,sys; print(json.dumps({"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow","additionalContext":"Typecheck failed after edit. Inspect npm run check output:\\n"+sys.stdin.read()}}))'
+rm -f "$TMP"
+`,
+    "eslint-after-edit.sh": `#!/usr/bin/env bash
+# TypeScript product preset: run project lint after JS/TS edits when available.
+set +e
+if command -v python3 &>/dev/null; then
+  PY=python3
+elif command -v python &>/dev/null; then
+  PY=python
+else
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+INPUT=$(cat)
+FILEPATH=$(echo "$INPUT" | $PY -c 'import sys,json; d=json.load(sys.stdin); print(d.get("tool_input",{}).get("file_path",""))')
+case "$FILEPATH" in
+  *.js|*.jsx|*.mjs|*.cjs|*.ts|*.tsx|*.mts|*.cts) ;;
+  *) echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'; exit 0 ;;
+esac
+if [ ! -f "package.json" ] || ! command -v npm &>/dev/null; then
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+node -e "const p=require('./package.json'); process.exit(p.scripts && p.scripts.lint ? 0 : 1)" >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+TMP=$(mktemp)
+npm run lint >"$TMP" 2>&1
+STATUS=$?
+if [ $STATUS -eq 0 ]; then
+  rm -f "$TMP"
+  echo '{"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow"}}'
+  exit 0
+fi
+tail -n 40 "$TMP" | $PY -c 'import json,sys; print(json.dumps({"hookSpecificOutput":{"hookEventName":"PostToolUse","permissionDecision":"allow","additionalContext":"ESLint failed after edit. Inspect npm run lint output:\\n"+sys.stdin.read()}}))'
+rm -f "$TMP"
+`,
+    "stop-verify.sh": `#!/usr/bin/env bash
+# Final verification on Stop
+set -euo pipefail
+HOOK_INPUT="$(cat || true)"
+if ! command -v node &>/dev/null; then
+  exit 0
+fi
+OMK_HOOK_INPUT="$HOOK_INPUT" \\
+node <<'NODE'
+const inputText = process.env.OMK_HOOK_INPUT || '';
+let input = {};
+try {
+  input = inputText.trim() ? JSON.parse(inputText) : {};
+} catch (error) {
+  console.error('[stop-verify] invalid stdin JSON: ' + String(error));
+  process.exit(0);
+}
+if (input.stop_hook_active === true) {
+  process.exit(0);
+}
+const context = [
+  'OMK final response checklist.',
+  '- Changed files: list authored files and note any ignored local runtime files refreshed.',
+  '- Commands run: include exact verification commands and pass/fail/not-run status.',
+  '- Deployment status: do not claim push, release, npm publish, or production deploy unless that command actually ran and evidence was read.',
+  '- Remaining risk: state known gaps instead of saying complete without evidence.',
+].join('\\n');
+process.stdout.write(JSON.stringify({
+  systemMessage: context,
+}) + '\\n');
+NODE
+`,
+    "release-check-before-stop.sh": `#!/usr/bin/env bash
+# OMK Release Guard — final checklist reminder for release/security work
+set +e
+HOOK_INPUT="$(cat || true)"
+if ! command -v node &>/dev/null; then
+  exit 0
+fi
+OMK_HOOK_INPUT="$HOOK_INPUT" \\
+node <<'NODE'
+const { execSync } = require('node:child_process');
+const inputText = process.env.OMK_HOOK_INPUT || '';
+let input = {};
+try {
+  input = inputText.trim() ? JSON.parse(inputText) : {};
+} catch (error) {
+  console.error('[release-check-before-stop] invalid stdin JSON: ' + String(error));
+  process.exit(0);
+}
+if (input.stop_hook_active === true) {
+  process.exit(0);
+}
+function shell(command) {
+  try {
+    return execSync(command, { encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'], timeout: 5000 }).trim();
+  } catch {
+    return '';
+  }
+}
+const changed = [
+  shell('git diff --name-only HEAD 2>/dev/null'),
+  shell('git diff --cached --name-only 2>/dev/null'),
+  shell('git ls-files --others --exclude-standard 2>/dev/null'),
+].filter(Boolean).join('\\n');
+const releaseTouched = /(^|\\n)(package\\.json|package-lock\\.json|pnpm-lock\\.yaml|yarn\\.lock|CHANGELOG\\.md|SECURITY\\.md|\\.npmrc|\\.github\\/workflows\\/release\\.ya?ml)(\\n|$)/.test(changed);
+const context = releaseTouched
+  ? 'OMK release guard: release/security files changed. Before final or publish, collect secret scan, security review, quality gate, npm audit summary, changelog/PR evidence, and do not publish/deploy without explicit user request.'
+  : 'OMK release guard: no release file changes detected. Still do not claim push, release, npm publish, or production deploy without exact command evidence.';
+process.stdout.write(JSON.stringify({
+  systemMessage: context,
+}) + '\\n');
+NODE
+`,
+    "npm-audit-summary.sh": `#!/usr/bin/env bash
+# OMK Release Guard — optional npm audit summary for release gates
+set +e
+HOOK_INPUT="$(cat || true)"
+if command -v node &>/dev/null; then
+  OMK_HOOK_INPUT="$HOOK_INPUT" node <<'NODE'
+const inputText = process.env.OMK_HOOK_INPUT || '';
+try {
+  const input = inputText.trim() ? JSON.parse(inputText) : {};
+  if (input.stop_hook_active === true) process.exit(10);
+} catch (error) {
+  console.error('[npm-audit-summary] invalid stdin JSON: ' + String(error));
+  process.exit(11);
+}
+NODE
+  case "$?" in
+    10|11) exit 0 ;;
+  esac
+fi
+if [ ! -f "package.json" ]; then
+  printf '{"systemMessage":"OMK npm audit summary: skipped because package.json is absent."}\\n'
+  exit 0
+fi
+if [ "$OMK_RUN_NPM_AUDIT_SUMMARY" != "1" ]; then
+  printf '{"systemMessage":"OMK npm audit summary: not run automatically. For release/security claims, run npm audit or set OMK_RUN_NPM_AUDIT_SUMMARY=1 and capture the result."}\\n'
+  exit 0
+fi
+if ! command -v npm &>/dev/null || ! command -v node &>/dev/null; then
+  printf '{"systemMessage":"OMK npm audit summary: skipped because npm or node is unavailable."}\\n'
+  exit 0
+fi
+TMP="$(mktemp)"
+npm audit --audit-level=high --omit=dev --json > "$TMP" 2>&1
+STATUS=$?
+node - "$TMP" "$STATUS" <<'NODE'
+const fs = require('node:fs');
+const filePath = process.argv[2];
+const status = Number(process.argv[3] || 0);
+let raw = '';
+try {
+  raw = fs.readFileSync(filePath, 'utf8');
+} catch {}
+let context;
+try {
+  const parsed = JSON.parse(raw);
+  const total = parsed.metadata?.vulnerabilities?.total ?? 'unknown';
+  const high = parsed.metadata?.vulnerabilities?.high ?? 'unknown';
+  const critical = parsed.metadata?.vulnerabilities?.critical ?? 'unknown';
+  context = status === 0
+    ? 'OMK npm audit summary: passed for high+ prod dependencies. total=' + total + ', high=' + high + ', critical=' + critical + '.'
+    : 'OMK npm audit summary: attention required. total=' + total + ', high=' + high + ', critical=' + critical + '. Inspect npm audit output before release.';
+} catch {
+  context = status === 0
+    ? 'OMK npm audit summary: command completed but JSON could not be parsed.'
+    : 'OMK npm audit summary: npm audit failed or returned non-JSON output; inspect command output before release.';
+}
+process.stdout.write(JSON.stringify({
+  systemMessage: context,
+}) + '\\n');
+NODE
+rm -f "$TMP"
+`,
+    "post-init-mcp.sh": `#!/usr/bin/env bash
+# Post-init MCP validation — non-blocking health check after omk init
+set -uo pipefail
+LOG_DIR=".omk/logs"
+mkdir -p "$LOG_DIR"
+LOG_FILE="$LOG_DIR/mcp-init-check.json"
+# Run doctor silently and capture JSON output if available
+if command -v omk &>/dev/null; then
+  omk mcp doctor --json 2>/dev/null > "$LOG_FILE" || true
+else
+  echo '{"note":"omk not in PATH during hook execution"}' > "$LOG_FILE"
+fi
+`,
+};
+export const KIMI_CONFIG_TOML = `# open-multi-agent-kit generated Kimi adapter config
+# Lifecycle hook settings
+[[hooks]]
+event = "SessionStart"
+command = ".omk/hooks/session-context.sh"
+timeout = 5
+[[hooks]]
+event = "PreCompact"
+command = ".omk/hooks/precompact-checkpoint.sh"
+timeout = 5
+[[hooks]]
+event = "SubagentStop"
+command = ".omk/hooks/subagent-stop-audit.sh"
+timeout = 5
+[[hooks]]
+event = "PreToolUse"
+matcher = "Shell"
+command = ".omk/hooks/pre-shell-guard.sh"
+timeout = 5
+[[hooks]]
+event = "PreToolUse"
+matcher = "WriteFile|StrReplaceFile"
+command = ".omk/hooks/protect-secrets.sh"
+timeout = 5
+[[hooks]]
+event = "Stop"
+command = ".omk/hooks/stop-verify.sh"
+timeout = 30
+`;
+export const MEMORY_FILES = {
+    "project.md": "# Project Memory\n\nProject-local graph memory is the source of truth; this file is a human-readable mirror.\n\n## Runtime Surfaces\n\n- Follow AGENTS.md and .kimi/AGENTS.md for active agent policy.\n- Use chat-agent-harness.json when present for MCP/skills/hooks inventory, worker limits, authority boundaries, and gates.\n- Keep .omk/memory mirrors free of secrets and private user data.\n",
+    "decisions.md": "# Decisions\n\nRecord durable architecture, release, runtime, and safety decisions.\n\nFor each decision, include:\n\n- date and short title\n- affected files or surfaces\n- evidence commands or artifacts\n- rollback or revisit trigger\n\nNever store secrets, raw MCP env, tokens, or private user data.\n",
+    "commands.md": "# Frequently Used Commands\n\nCommand mirror maintained alongside the local graph memory.\n\n```bash\nnpm run yaml:check\nnpm run lint\nnpm run secret:scan\nnpm run check\nnpm run build:clean\nnpm test\nnpm run audit:package\nnpm run pack:dry\nomk mcp doctor --json\nomk verify --json\n```\n\nUse targeted `npm test -- --match <pattern>` for focused regression loops before the full gate.\n",
+    "risks.md": "# Known Risks\n\n- Do not store secrets, API keys, tokens, credentials, MCP env/header values, or private user data in memory.\n- `--local-user` and all-scope MCP/skills are runtime-only; do not copy global resources unless the user explicitly opts into `--import-user-skills`.\n- `chat-agent-harness.json` can contain private run inventory; summarize counts and gates, not full global inventories.\n- Working trees can contain unrelated edits; inspect `git status --short` before changes and avoid reverting user work.\n- Completion claims require evidence: tests, `omk verify --json`, replay/cockpit artifacts, or an explicit not-run reason.\n",
+};